Overview

overview

3

Static

static

3

J_Space寂...ut.htm

windows7-x64

1

J_Space寂...ut.htm

windows10-2004-x64

1

J_Space寂...hu.htm

windows7-x64

1

J_Space寂...hu.htm

windows10-2004-x64

1

J_Space寂...r.html

windows7-x64

1

J_Space寂...r.html

windows10-2004-x64

1

J_Space寂...ge.htm

windows7-x64

1

J_Space寂...ge.htm

windows10-2004-x64

1

J_Space寂...ft.htm

windows7-x64

1

J_Space寂...ft.htm

windows10-2004-x64

1

J_Space寂...xi.htm

windows7-x64

1

J_Space寂...xi.htm

windows10-2004-x64

1

J_Space寂...in.htm

windows7-x64

1

J_Space寂...in.htm

windows10-2004-x64

1

J_Space寂...UL.exe

windows7-x64

1

J_Space寂...UL.exe

windows10-2004-x64

1

J_Space寂...ig.ps1

windows7-x64

3

J_Space寂...ig.ps1

windows10-2004-x64

3

J_Space寂...se.ps1

windows7-x64

3

J_Space寂...se.ps1

windows10-2004-x64

3

J_Space寂...er.vbs

windows7-x64

1

J_Space寂...er.vbs

windows10-2004-x64

1

J_Space寂...ob.vbs

windows7-x64

1

J_Space寂...ob.vbs

windows10-2004-x64

1

J_Space寂...un.vbs

windows7-x64

1

J_Space寂...un.vbs

windows10-2004-x64

1

J_Space寂...ht.ps1

windows7-x64

3

J_Space寂...ht.ps1

windows10-2004-x64

3

J_Space寂...ail.js

windows7-x64

3

J_Space寂...ail.js

windows10-2004-x64

3

J_Space寂...ass.js

windows7-x64

3

J_Space寂...ass.js

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    14/07/2024, 15:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    J_Space寂寞游侠修改美化加强版/admin/database.ps1

  • Size

    19KB

  • MD5

    3bed5a5f852b95ff3e0b2464f84a4aed

  • SHA1

    6f1e92f5f66c76711ecfc3766ed7a1bc8bd96f67

  • SHA256

    0ca2db9d7e1ede986b4038387afd30cbc9b2948aac218617d2cba9658fcc0b56

  • SHA512

    52a81d1adff5a3b893ab6b0718a65dc8809c195a8a21524e7e4976456e00554baed03dc83163a31cf03880e39f496bd66cdcda2d2b2a6e3b132f78c2b526ce68

  • SSDEEP

    384:cZRkIIjgQNwWQi2WWQW6FGqtsFa6WBR1/ZWhWek26x/6:C7IcQNwti2WnHtya6q1/ZWh9wx/6

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\J_Space寂寞游侠修改美化加强版\admin\database.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1668

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1668-4-0x000007FEF576E000-0x000007FEF576F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1668-5-0x000000001B770000-0x000000001BA52000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1668-6-0x0000000001FF0000-0x0000000001FF8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1668-7-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1668-8-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1668-9-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1668-11-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1668-10-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1668-12-0x000007FEF54B0000-0x000007FEF5E4D000-memory.dmp

    Filesize

    9.6MB

    Download