Analysis
max time kernel: 122s
max time network: 128s
platform: windows7_x64
resource: win7-20240704-en
resource tags: arch:x64, arch:x86, image:win7-20240704-en, locale:en-us, os:windows7-x64, system
submitted: 07-08-2024 04:42
Static task: static1

Behavioral task: behavioral1
Sample: get.ps1
Resource: win7-20240704-en (windows7-x64)
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: get.ps1
Resource: win10v2004-20240802-en (windows10-2004-x64)
31 signatures, 150 seconds
General
Target: get.ps1
Size: 1KB
MD5: 6185481735a459173f53a4c39bf05ced
SHA1: 73db56dcfb54cc4ed558f8e1ead3441b542a24e0
SHA256: 825fd2904145a765334671e018e98e55ec62f4d1691d562431a71df0e47d3c86
SHA512: 61c8c67e77aecb650eda46fecbbf436333e2fb41e63d88ee71a160528c2dddaeafdce0936ac2b8c0a7d6e9cb06d0a80bc5a330a91a936a840315724b7c8e7ecf
Score: 3/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (1 IoCs)
Processes: pid 2712, process powershell.exe
Suspicious use of AdjustPrivilegeToken (1 IoCs)
Processes: description "Token: SeDebugPrivilege", pid 2712, process powershell.exe