Analysis
-
max time kernel
120s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
-
submitted
28-05-2024 18:35
General
-
Target
_internal/tk/mkpsenc.ps1
-
Size
30KB
-
MD5
983c7b78f1a0ebacab8006d391a01fcd
-
SHA1
7ea37474ea039ed7a37bfdd7d76eae673e666283
-
SHA256
c5bdca3aba671f03dc4624ab5fd260490f5002491d6c619142ccf5a1a744528a
-
SHA512
a006ef9b7213e572f6fc540d1512a52c52fec44e3a07846de09662ae32b7191c5cf639798531847b39e4076bf9dd6314b6f5373065c04f4fef221185b39c3117
-
SSDEEP
768:+c4g8rSnBGzHsGK83Ch0x/0kmSq6O4+rNfPCpM2sEmqKys3pCJxi5dEaY:+c4g8OnBGzBK83Ch0x/0FSq6OnrGM2h3
Score
3/10
Malware Config
Signatures
-
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\_internal\tk\mkpsenc.ps11⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/108-4-0x000007FEF62CE000-0x000007FEF62CF000-memory.dmpFilesize
4KB
-
memory/108-5-0x000000001B670000-0x000000001B952000-memory.dmpFilesize
2.9MB
-
memory/108-7-0x000007FEF6010000-0x000007FEF69AD000-memory.dmpFilesize
9.6MB
-
memory/108-8-0x000007FEF6010000-0x000007FEF69AD000-memory.dmpFilesize
9.6MB
-
memory/108-6-0x0000000002240000-0x0000000002248000-memory.dmpFilesize
32KB
-
memory/108-9-0x000007FEF6010000-0x000007FEF69AD000-memory.dmpFilesize
9.6MB
-
memory/108-10-0x000007FEF6010000-0x000007FEF69AD000-memory.dmpFilesize
9.6MB
-
memory/108-11-0x000007FEF6010000-0x000007FEF69AD000-memory.dmpFilesize
9.6MB