Overview

overview

7

Static

static

4

Install_Xf...b9.exe

windows7-x64

7

Install_Xf...b9.exe

windows10-2004-x64

7

$DOCUMENTS...se.ps1

windows7-x64

3

$DOCUMENTS...se.ps1

windows10-2004-x64

3

$DOCUMENTS...al.pdf

windows7-x64

1

$DOCUMENTS...al.pdf

windows10-2004-x64

1

$PLUGINSDI...em.dll

windows7-x64

3

$PLUGINSDI...em.dll

windows10-2004-x64

3

$PLUGINSDI...sh.dll

windows7-x64

3

$PLUGINSDI...sh.dll

windows10-2004-x64

3

$PLUGINSDI...gs.dll

windows7-x64

3

$PLUGINSDI...gs.dll

windows10-2004-x64

3

$_12_/Serum_x64.dll

windows7-x64

1

$_12_/Serum_x64.dll

windows10-2004-x64

1

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

C:/Program...um.dll

windows7-x64

3

C:/Program...um.dll

windows10-2004-x64

3

Serum.dll

windows7-x64

3

Serum.dll

windows10-2004-x64

3

Analysis

  • max time kernel
    119s
  • max time network
    128s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    05/06/2024, 13:14 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $DOCUMENTS/Xfer/Serum Presets/Noises/Analog/SH1 Noise.ps1

  • Size

    172KB

  • MD5

    b7a5497d00ac747d0a77ef2ce5d6b7cd

  • SHA1

    c3981be1a791d3f8925c1b6cb6468211534bdaeb

  • SHA256

    c5e14f2f716769bba3efa8a8956b43cf7d436876afb3f0a238813b3a4b6e8f55

  • SHA512

    519962341caf3f7c203c294b0fb678fa7d432999d70ea6b48af09a256d4d038f656b5e2b7acb8038496a0b560fa36d704e54de10590d4fdd3379d58773fd0be9

  • SSDEEP

    3072:w/mWOgcQBhHM5RBpCOzUl9ynZWu/Nj4HqMXB74076UCXicsGKHcEhr:w/mHgThHMbCOwfYZWENEKMXB007+ts5V

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\$DOCUMENTS\Xfer\Serum Presets\Noises\Analog\SH1 Noise.ps1"
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1844

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1844-4-0x000007FEF5E1E000-0x000007FEF5E1F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1844-5-0x000000001B610000-0x000000001B8F2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1844-6-0x00000000027E0000-0x00000000027E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1844-7-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1844-8-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1844-9-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1844-10-0x000007FEF5B60000-0x000007FEF64FD000-memory.dmp

    Filesize

    9.6MB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.