Overview

overview

3

Static

static

1

68e24f54f9...e1.ps1

windows7-x64

3

68e24f54f9...e1.ps1

windows10-2004-x64

3

Analysis

  • max time kernel
    149s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    29/05/2024, 18:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68e24f54f98ff6bed8c25c7a08c1d224ed1ab378ac1d7fb9d232ebeaf3b283e1.ps1

  • Size

    1KB

  • MD5

    3d2fb069db2dbda9d278fc79bdfdfbe8

  • SHA1

    d64f798b2285fbc3c0c27bb033c80657a3b3d982

  • SHA256

    68e24f54f98ff6bed8c25c7a08c1d224ed1ab378ac1d7fb9d232ebeaf3b283e1

  • SHA512

    5fe4612b79f3d7234a081b4611742b0e3a1037183c7e9e05b6b3eb69f06bf998da45611dd0dba6905efdc6a2bbd2ca8ffa4a38268210c7f7b2cac364736033e3

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\68e24f54f98ff6bed8c25c7a08c1d224ed1ab378ac1d7fb9d232ebeaf3b283e1.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2964

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2964-4-0x000007FEF5FEE000-0x000007FEF5FEF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2964-5-0x000000001B7D0000-0x000000001BAB2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2964-7-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2964-8-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2964-6-0x0000000001E80000-0x0000000001E88000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2964-9-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2964-10-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2964-11-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2964-12-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2964-13-0x000007FEF5FEE000-0x000007FEF5FEF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2964-14-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2964-15-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2964-16-0x000007FEF5D30000-0x000007FEF66CD000-memory.dmp

    Filesize

    9.6MB

    Download