Overview

overview

3

Static

static

1

trigger.ps1

windows7-x64

3

trigger.ps1

android-9-x86

trigger.ps1

android-10-x64

trigger.ps1

android-11-x64

trigger.ps1

macos-10.15-amd64

1

Resubmissions

12-07-2024 20:04

240712-ythb1ayanm 3

12-07-2024 20:04

240712-ytcfrayank 1

12-07-2024 20:03

240712-ys69qsyamp 1

12-07-2024 20:03

240712-ys2dgsyalp 1

12-07-2024 13:24

240712-qnd4dsxele 3

Analysis

  • max time kernel
    316s
  • max time network
    316s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    12-07-2024 20:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    trigger.ps1

  • Size

    11B

  • MD5

    fb795feaa7259419ddde81a0035cfbef

  • SHA1

    5473681b4ea7167701193cf79bf0162b9d3639b5

  • SHA256

    385dca79ea2fa20b0c2cbb78979466105ff2f492a27ab3c9f8e8ab1cc60f74d8

  • SHA512

    702ea7cb2fc4fea5f9e475ae34be5d1191974c1b6a34d3fe8f00be5765683184d8481e62597e9fd0909e08ed9a2d7d96781dde957fbc30772416071a4049455e

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\trigger.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:672

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/672-4-0x000007FEF546E000-0x000007FEF546F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/672-5-0x000000001B670000-0x000000001B952000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/672-6-0x0000000002860000-0x0000000002868000-memory.dmp

    Filesize

    32KB

    Download

  • memory/672-7-0x000007FEF51B0000-0x000007FEF5B4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/672-10-0x000007FEF51B0000-0x000007FEF5B4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/672-9-0x000007FEF51B0000-0x000007FEF5B4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/672-8-0x000007FEF51B0000-0x000007FEF5B4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/672-11-0x000007FEF51B0000-0x000007FEF5B4D000-memory.dmp

    Filesize

    9.6MB

    Download