Analysis
-
max time kernel
119s -
max time network
129s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
08/07/2024, 11:59
General
-
Target
openx-2.8.7/etc/changes/migration_tables_core_540.ps1
-
Size
11KB
-
MD5
9993374c969e3298c4603faad77b0582
-
SHA1
94725944b85059afc5f79ef4240148c1020e093f
-
SHA256
1296ae0a82a739ca27537a19542563ef2051d251455b186fa023b8dc21f3840e
-
SHA512
ac9886f59114f9abfc0813214b8c7387239b8f0bee8bee4e6c9c42c0072bfe470a65845b626cc46b01c4f4cc453a411888cc2b868bcc9f650abdd5ad4ee1ba85
-
SSDEEP
192:ebunPoDX3KFE33NMrxoOJSVcYbqs1mzZDL:ebOPoDX3KFE33NMrAC
Score
3/10
Malware Config
Signatures
-
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\openx-2.8.7\etc\changes\migration_tables_core_540.ps11⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
32KB
-
Filesize
2.9MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB