Analysis
-
max time kernel
93s -
max time network
97s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
08/07/2024, 20:09
General
-
Target
dadeng.org-v0.6/ThinkPHP/Lib/Think/Db/Db.class.ps1
-
Size
38KB
-
MD5
a70087b1b7d07b526c7b3e3f7475de5f
-
SHA1
ad4bb876094da65e2b394cb54941a544f14b12ca
-
SHA256
eac0235a34bbab771d981d993492a690b87b5d95ebf88bee31759b45b2719445
-
SHA512
1fc2252a30a6f6fe65e6aa28f9b44ac7431b074b4e2f21f35866f5c8892ca9b1ffc409ea36e1f873ef4f1c61da010f092bd215eea19bf9216e1f0a5026c039f9
-
SSDEEP
768:uSnz7F1+VzE3Eh8jlDr2oBY/ZUl2CRg8yxGJfYw9:uMzJCeDr2oBUZC2CRfyxGJfd9
Score
3/10
Malware Config
Signatures
-
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\dadeng.org-v0.6\ThinkPHP\Lib\Think\Db\Db.class.ps11⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
60B
MD5d17fe0a3f47be24a6453e9ef58c94641
SHA16ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA25696ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA5125b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82
-
Filesize
8KB
-
Filesize
10.8MB
-
Filesize
136KB
-
Filesize
10.8MB
-
Filesize
10.8MB