Analysis
-
max time kernel
119s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
09-05-2024 09:17
General
-
Target
inc/codestar-framework/classes/shortcode-options.class.ps1
-
Size
12KB
-
MD5
891a87996b9ee3a4b3cbe5ad210a82ba
-
SHA1
d0d1d3f43f73be59cb2a0bcffb33ce1e3d76e26c
-
SHA256
c9f2e12a5f64433910ee9b3a09959866733610a9e9a47c82e68f2845c53dea80
-
SHA512
5534635cbada84cd90f2b6632dbf77888e391a9e108f09f2141e2be875f1e7eadf5298dcac03ea3a45757f0b2f659e404b9cb8c2d914ff0e85460be6fa037ada
-
SSDEEP
192:q5SKgDmWDe2FVybFE7eaO9aRO0S7h4Sh/VhYtM2/V2Zg2h5wcxSyvxZMYEZwiGD1:qEIE7eaOcR5WiShNhSM2N2J5wC1/
Score
3/10
Malware Config
Signatures
-
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\inc\codestar-framework\classes\shortcode-options.class.ps11⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2052-4-0x000007FEF56DE000-0x000007FEF56DF000-memory.dmpFilesize
4KB
-
memory/2052-5-0x000000001B120000-0x000000001B402000-memory.dmpFilesize
2.9MB
-
memory/2052-6-0x0000000002590000-0x0000000002598000-memory.dmpFilesize
32KB
-
memory/2052-7-0x000007FEF5420000-0x000007FEF5DBD000-memory.dmpFilesize
9.6MB
-
memory/2052-8-0x000007FEF5420000-0x000007FEF5DBD000-memory.dmpFilesize
9.6MB
-
memory/2052-9-0x000007FEF5420000-0x000007FEF5DBD000-memory.dmpFilesize
9.6MB
-
memory/2052-10-0x000000000251B000-0x0000000002582000-memory.dmpFilesize
412KB
-
memory/2052-12-0x000007FEF5420000-0x000007FEF5DBD000-memory.dmpFilesize
9.6MB
-
memory/2052-11-0x000007FEF5420000-0x000007FEF5DBD000-memory.dmpFilesize
9.6MB