5f6530be24f6ba44238a0e5edad83985cbe2447639876f01a8f05ee238d0f3f1 | Triage

Submit
Reports

Overview

overview

8

Static

static

1

script.ps1

windows10-1703-x64

8

Sharing

General

Target

script.ps1
Size

30B
Sample

240516-2alf4abd7t
MD5

76dd9af12f71e7232fd5b4f8f2a1e5ab
SHA1

ca6bb8a8b084f034fee6bd9055897dff8ccd5383
SHA256

5f6530be24f6ba44238a0e5edad83985cbe2447639876f01a8f05ee238d0f3f1
SHA512

f20c59ed2da9c83e7d3e7d7ad5648b24dd050a5fd484b9d9858138b32682eeacd03044b162cf97b50ca5b5f391b2c1ec607e71e0b77a382a2c0dd369746a0295

Score

8^/10

execution

Static task

static1

Behavioral task

behavioral1

Sample

script.ps1

Resource

win10-20240404-en

windows10-1703-x64

20 signatures

1800 seconds

Malware Config

Targets

- Target
  
  script.ps1
- Size
  
  30B
- MD5
  
  76dd9af12f71e7232fd5b4f8f2a1e5ab
- SHA1
  
  ca6bb8a8b084f034fee6bd9055897dff8ccd5383
- SHA256
  
  5f6530be24f6ba44238a0e5edad83985cbe2447639876f01a8f05ee238d0f3f1
- SHA512
  
  f20c59ed2da9c83e7d3e7d7ad5648b24dd050a5fd484b9d9858138b32682eeacd03044b162cf97b50ca5b5f391b2c1ec607e71e0b77a382a2c0dd369746a0295
Score

8^/10

execution
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy