Overview

overview

10

Static

static

1

pw.ps1

windows7-x64

1

pw.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    118s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    26-04-2024 18:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    pw.ps1

  • Size

    13.0MB

  • MD5

    50eb02e67256948eb696df9762a46422

  • SHA1

    2494e4466131091bf71caf26ff1aadf986e0acbc

  • SHA256

    1b5cd42f4382ba1f47f3b6b4dd3e0cdf707eaf6a25494114126242f202b9f5cd

  • SHA512

    e13e93e494631fa361f41ad13ed31d47bb20e3a03e5898fb39738508b943c0f8c5537c8c41b9cdbd522cdce997b3935abcf9ae972f0886283973ceab2ebc2d08

  • SSDEEP

    49152:q+PeksaLvwswXlcCdoFcoc9EjBomkb6ri5yRb:

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\pw.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1100-5-0x0000000002560000-0x0000000002568000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1100-4-0x000000001B170000-0x000000001B452000-memory.dmp
    Filesize

    2.9MB

    Download
  • memory/1100-6-0x000007FEF4AA0000-0x000007FEF543D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1100-9-0x0000000002430000-0x00000000024B0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1100-8-0x0000000002430000-0x00000000024B0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1100-7-0x0000000002430000-0x00000000024B0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1100-10-0x000007FEF4AA0000-0x000007FEF543D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1100-11-0x0000000002430000-0x00000000024B0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1100-12-0x000007FEF4AA0000-0x000007FEF543D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1100-13-0x0000000002430000-0x00000000024B0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1100-15-0x0000000002430000-0x00000000024B0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1100-14-0x0000000002430000-0x00000000024B0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/1100-16-0x000007FEF4AA0000-0x000007FEF543D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1100-17-0x0000000002430000-0x00000000024B0000-memory.dmp
    Filesize

    512KB

    Download