Overview

overview

3

Static

static

3

xash/cstri.../cs.so

ubuntu-24.04-amd64

1

xash/cstri...d64.so

ubuntu-22.04-amd64

1

xash/cstri...mp.dll

windows7-x64

1

xash/cstri...mp.dll

windows10-2004-x64

3

xash/cstri...cz.dll

windows7-x64

3

xash/cstri...cz.dll

windows10-2004-x64

3

xash/cstri...al.htm

windows7-x64

1

xash/cstri...al.htm

windows10-2004-x64

1

xash/cstri...d.html

windows7-x64

1

xash/cstri...d.html

windows10-2004-x64

1

xash/cstrike/user.scr

windows7-x64

xash/cstrike/user.scr

windows10-2004-x64

xash/valve...UI.dll

windows7-x64

1

xash/valve...UI.dll

windows10-2004-x64

1

xash/valve...an.dll

windows7-x64

3

xash/valve...an.dll

windows10-2004-x64

3

xash/valve...ft.ps1

windows7-x64

3

xash/valve...ft.ps1

windows10-2004-x64

3

xash/valve...rt.ps1

windows7-x64

3

xash/valve...rt.ps1

windows10-2004-x64

3

xash/valve...zy.ps1

windows7-x64

3

xash/valve...zy.ps1

windows10-2004-x64

3

xash/valve...gs.scr

windows7-x64

xash/valve...gs.scr

windows10-2004-x64

xash/valve...m1.ps1

windows7-x64

3

xash/valve...m1.ps1

windows10-2004-x64

3

xash/valve/user.scr

windows7-x64

xash/valve/user.scr

windows10-2004-x64

Analysis

  • max time kernel
    3s
  • max time network
    45s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    11/07/2024, 00:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    xash/valve/overviews/frenzy.ps1

  • Size

    1.3MB

  • MD5

    bb453b07bc020eb862ee7ad17dd91141

  • SHA1

    2d3562a2aa6034a723b48b6c0f350cd192365aae

  • SHA256

    dbfc9c0e926679cf45fa23299f1ccb6f989b9de81f01d5f49179a2e0055c449b

  • SHA512

    a51a910e743a3e7895c31562378732db6cb4b34456208fd5b797134356c4950ed7b41ed71928e1e48b01b7c40206765f5cbfad25280858eba8b23f1594b7d21e

  • SSDEEP

    24576:M+SYuvvuwv9SI5GARmAbcRjRAUxf+N/nlzGS7zaxZsXk55EjB/E6PiBz:MJYMv79SzAR9kRAUV+NvlzGS7zO68EBs

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\xash\valve\overviews\frenzy.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:604

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/604-4-0x000007FEF4A7E000-0x000007FEF4A7F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/604-5-0x000000001B240000-0x000000001B522000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/604-7-0x000007FEF47C0000-0x000007FEF515D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/604-6-0x0000000002570000-0x0000000002578000-memory.dmp

    Filesize

    32KB

    Download

  • memory/604-8-0x000007FEF47C0000-0x000007FEF515D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/604-9-0x000007FEF47C0000-0x000007FEF515D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/604-10-0x000007FEF47C0000-0x000007FEF515D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/604-11-0x000007FEF47C0000-0x000007FEF515D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/604-12-0x000007FEF47C0000-0x000007FEF515D000-memory.dmp

    Filesize

    9.6MB

    Download