Overview

overview

1

Static

static

1

Docebo_Utils/Bases.js

windows11-21h2-x64

1

Docebo_Uti...ers.js

windows11-21h2-x64

1

Docebo_Utils/EMail.js

windows11-21h2-x64

1

Docebo_Uti...ng.ps1

windows11-21h2-x64

1

Docebo_Uti...ers.js

windows11-21h2-x64

1

Docebo_Uti...ram.js

windows11-21h2-x64

1

Docebo_Uti...ata.js

windows11-21h2-x64

1

Docebo_Uti...est.js

windows11-21h2-x64

1

packages/A...DME.js

windows11-21h2-x64

1

packages/A...re.dll

windows11-21h2-x64

1

packages/A...re.dll

windows11-21h2-x64

1

packages/A...re.dll

windows11-21h2-x64

1

packages/A...re.dll

windows11-21h2-x64

1

packages/A...DME.js

windows11-21h2-x64

1

packages/A...ty.dll

windows11-21h2-x64

1

packages/M...es.dll

windows11-21h2-x64

1

packages/M...nt.dll

windows11-21h2-x64

1

packages/M...nt.dll

windows11-21h2-x64

1

packages/M...nt.dll

windows11-21h2-x64

1

packages/M...al.dll

windows11-21h2-x64

1

packages/M...al.dll

windows11-21h2-x64

1

packages/M...al.dll

windows11-21h2-x64

1

packages/M...ns.dll

windows11-21h2-x64

1

packages/M...ns.dll

windows11-21h2-x64

1

packages/M...ns.dll

windows11-21h2-x64

1

packages/M...ns.dll

windows11-21h2-x64

1

packages/M...ns.dll

windows11-21h2-x64

1

packages/M...ns.dll

windows11-21h2-x64

1

packages/M...ns.dll

windows11-21h2-x64

1

packages/M...ns.dll

windows11-21h2-x64

1

packages/M...ns.dll

windows11-21h2-x64

1

packages/M...ns.dll

windows11-21h2-x64

1

Analysis

  • max time kernel
    90s
  • max time network
    98s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240412-en
  • resource tags

    arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    25/04/2024, 12:18

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Docebo_Utils/Encoding.ps1

  • Size

    463B

  • MD5

    16e7433c12d3a01f86b83702b1912927

  • SHA1

    6efd6f09468d088d2814670ea5f34a9095a91e50

  • SHA256

    7c15feb3ff87e2bbe88aa63192664b0ed2431e2781a979d03d7a58456e5db60f

  • SHA512

    86ea2b370318728a3041e8c3408bf6e66205faad8e704027ef6c12f6eaa4cc8bf7dc63e61b71e4cfde9c13e89568986da026812d2274ab2302de816a7ac7d11d

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Docebo_Utils\Encoding.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1584

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_zvuhbeph.1in.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/1584-9-0x00007FFF1CC20000-0x00007FFF1D6E2000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1584-8-0x0000012D4D6E0000-0x0000012D4D702000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1584-10-0x0000012D4BC80000-0x0000012D4BC90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1584-11-0x0000012D4BC80000-0x0000012D4BC90000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1584-14-0x00007FFF1CC20000-0x00007FFF1D6E2000-memory.dmp

    Filesize

    10.8MB

    Download