Overview

overview

3

Static

static

1

Documentat...x.html

windows7-x64

1

Documentat...x.html

windows10-2004-x64

1

Documentat...l.html

windows7-x64

1

Documentat...l.html

windows10-2004-x64

1

Documentat...e.html

windows7-x64

1

Documentat...e.html

windows10-2004-x64

1

Documentat...e.html

windows7-x64

1

Documentat...e.html

windows10-2004-x64

1

Documentat...��.url

windows7-x64

1

Documentat...��.url

windows10-2004-x64

1

Upload/adm...x.html

windows7-x64

1

Upload/adm...x.html

windows10-2004-x64

1

Upload/adm...rm.ps1

windows7-x64

3

Upload/adm...rm.ps1

windows10-2004-x64

3

Upload/adm...age.js

windows7-x64

3

Upload/adm...age.js

windows10-2004-x64

3

Upload/adm...le.ps1

windows7-x64

3

Upload/adm...le.ps1

windows10-2004-x64

3

Upload/adm...ns.ps1

windows7-x64

3

Upload/adm...ns.ps1

windows10-2004-x64

3

Upload/adm...es.ps1

windows7-x64

3

Upload/adm...es.ps1

windows10-2004-x64

3

Upload/adm...er.ps1

windows7-x64

3

Upload/adm...er.ps1

windows10-2004-x64

3

Upload/adm...x.html

windows7-x64

1

Upload/adm...x.html

windows10-2004-x64

1

Upload/admin/index.js

windows7-x64

3

Upload/admin/index.js

windows10-2004-x64

3

Upload/adm...ncp.js

windows7-x64

3

Upload/adm...ncp.js

windows10-2004-x64

3

Upload/adm...s.html

windows7-x64

1

Upload/adm...s.html

windows10-2004-x64

1

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    20-06-2024 03:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Upload/admin/inc/functions.ps1

  • Size

    16KB

  • MD5

    4bd30e18a98dcd60e5b9f9cc6180015a

  • SHA1

    88b76c68a36c8815866c97d4674c09d4c4c35ccc

  • SHA256

    aaea3daaabac998a46878f0c5704a24af444ce126ad00b77c9b7677715a1d902

  • SHA512

    26a49d4367fe5085050dbfa7c8007fa01e8ca0fce2f493252fb4906ee80fd1bb3beb23ebe38ac9b66b16f8d1fa6964e131dd2bf2fe7cad2e085d1b3d7b65e136

  • SSDEEP

    384:11dXC2Nkf3JQI3EVpPp6LGX99M2yE4gbWh8CFmoaukkdKNlDBLM7cAr4jo:1Gf3JX3EV5YLGX99xCgoadHi

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Upload\admin\inc\functions.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1688-4-0x000007FEF53BE000-0x000007FEF53BF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1688-5-0x000000001B720000-0x000000001BA02000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1688-6-0x0000000002760000-0x0000000002768000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1688-7-0x000007FEF5100000-0x000007FEF5A9D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1688-8-0x000007FEF5100000-0x000007FEF5A9D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1688-9-0x000007FEF5100000-0x000007FEF5A9D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1688-10-0x000007FEF5100000-0x000007FEF5A9D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1688-11-0x000007FEF5100000-0x000007FEF5A9D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1688-12-0x000007FEF5100000-0x000007FEF5A9D000-memory.dmp

    Filesize

    9.6MB

    Download