Overview

overview

10

Static

static

1

NHLRYQURTHYLDPQY.ps1

windows7-x64

3

NHLRYQURTHYLDPQY.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    29-07-2024 20:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    NHLRYQURTHYLDPQY.ps1

  • Size

    559KB

  • MD5

    2684613c1f5db2fd250bc0551887419c

  • SHA1

    1a29e5c18976095f7fe5719bd3d16c36fd3db5fd

  • SHA256

    41ae3eb86359c776ac1b40faf1eb43eb7d874cbf233444aa3af554257d64e62a

  • SHA512

    aea057c3526c8b8d7177f94cc32f5c5c021529461f7f657ac36a26da584dbaa92ac8fd976b6d66177d48d22b52cace678186885afe9cc24c4da6c6cb0cf7df33

  • SSDEEP

    1536:kDh8DyXBs84VhDEak0EyxWq0JnZcjCuPSWaZauagEGG8dw:kDhiyXBs84VhDEakbyxWq0JSv

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\NHLRYQURTHYLDPQY.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2652

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2652-4-0x000007FEF5D9E000-0x000007FEF5D9F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2652-5-0x000000001B610000-0x000000001B8F2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2652-6-0x0000000001D20000-0x0000000001D28000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2652-7-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2652-8-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2652-10-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2652-9-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2652-11-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2652-12-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

    Filesize

    9.6MB

    Download