Overview

overview

10

Static

static

3

3a53c78fe9...18.exe

windows7-x64

10

3a53c78fe9...18.exe

windows10-2004-x64

10

KtlVtDDtCbxIugvgm.ps1

windows7-x64

3

KtlVtDDtCbxIugvgm.ps1

windows10-2004-x64

3

KtlVtDDtCb...a5.exe

windows7-x64

10

KtlVtDDtCb...a5.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    12-05-2024 13:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    KtlVtDDtCbxIugvgm.ps1

  • Size

    548KB

  • MD5

    759df20fc9033fe2ce3af881567a0829

  • SHA1

    d0fc50a7b88b54a573b5ffdfaba36c380da5f222

  • SHA256

    dd52fa10a43e5082981ecf90523d3f308fbdffea66844148e96a547ad133c8e7

  • SHA512

    60381d28369bbcb9f08396abd5cbcff336758e546223086d93e76b77c478cf200dfbed77e8120406fb589abb304e8fb466be7d0e06e579e9f4ec6fc67560fdc9

  • SSDEEP

    3072:lNgCN7HUJSqCDKNEsVPctRNHByrsGCaAYciERk5R9XFd5K/PF5dxaaODKYXPgB4S:D

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\KtlVtDDtCbxIugvgm.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1780

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1780-4-0x000007FEF624E000-0x000007FEF624F000-memory.dmp
    Filesize

    4KB

    Download
  • memory/1780-5-0x000000001B620000-0x000000001B902000-memory.dmp
    Filesize

    2.9MB

    Download
  • memory/1780-7-0x000007FEF5F90000-0x000007FEF692D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1780-9-0x000007FEF5F90000-0x000007FEF692D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1780-10-0x000007FEF5F90000-0x000007FEF692D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1780-11-0x000007FEF5F90000-0x000007FEF692D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1780-8-0x000007FEF5F90000-0x000007FEF692D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/1780-6-0x0000000001E60000-0x0000000001E68000-memory.dmp
    Filesize

    32KB

    Download
  • memory/1780-12-0x000007FEF5F90000-0x000007FEF692D000-memory.dmp
    Filesize

    9.6MB

    Download