Analysis
  Max time kernel: 1s
  Max time network: 0s
  Platform: windows7_x64
  Resource: win7-20240508-en
  Resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  Submitted: 18-05-2024 15:23

Static task: static1

Behavioral task: behavioral1
  Sample: XYZDropper.ps1
  Resource: win7-20240508-en (windows7-x64)
  Signatures: 3
  Duration: 150 seconds
General
  Target: XYZDropper.ps1
  Size: 934B
  MD5: 1c1993547e335066690268b61a80f3d1
  SHA1: b88c3905e103e70c1386e9fb551a8268e3ea689c
  SHA256: 30e7ebeab787d4c6ec8f2b8ca1c472f0947c0fbfae1e94a460a4089d5a8a63dc
  SHA512: c302dad7c6ce6aed6b1e04335e0cedb550668ae713f5da212745346090473273a89ccb870b10c725fe85269629ccb13aa97c8e8dd00acf61d9e61f6d251a8182
  Score: 3/10
Malware Config
  (none)

Signatures
  Suspicious behavior: EnumeratesProcesses (1 IoC)
    Process: powershell.exe (PID 1484)
  Suspicious use of AdjustPrivilegeToken (1 IoC)
    Process: powershell.exe (PID 1484), description: Token: SeDebugPrivilege

Processes
Network
MITRE ATT&CK Matrix (ATT&CK v13)
Downloads
  memory/1484-4-0x000007FEF5D1E000-0x000007FEF5D1F000-memory.dmp  Filesize: 4KB
  memory/1484-5-0x000000001B620000-0x000000001B902000-memory.dmp  Filesize: 2.9MB
  memory/1484-7-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp  Filesize: 9.6MB
  memory/1484-8-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp  Filesize: 9.6MB
  memory/1484-6-0x0000000002790000-0x0000000002798000-memory.dmp  Filesize: 32KB
  memory/1484-9-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp  Filesize: 9.6MB
  memory/1484-10-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp  Filesize: 9.6MB
  memory/1484-11-0x000007FEF5A60000-0x000007FEF63FD000-memory.dmp  Filesize: 9.6MB