3e4fbd7bde760cf8340ad50680300a7f221925c0ee3ef2ff9d30d4cce9d6c094

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
11/08/2024, 01:46

Target

admin/comment.ps1
Size

2KB
MD5

3a84264c3b37cdffe7ab08710e208532
SHA1

2b097fcb8a71c6525124f96f414f871be9c47035
SHA256

9c72e0ddae9ea1e14369ac9946f8cee383a6545bde69481b6e4cc02b956a5c2e
SHA512

94991ce18d2c08f8c0b17385c1354993ed3b1a4612c38eed1a7a9735149f50498e474a8ff054edb5a7875535ec941ae2f61798eb4c0fdc914fe25cf2024ba1fd

Score

3^/10

execution

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

PowerShell

pid	Process
2272	powershell.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2272	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2272	powershell.exe

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2272-4-0x000007FEF547E000-0x000007FEF547F000-memory.dmp

Filesize
4KB

Download
memory/2272-6-0x0000000001E80000-0x0000000001E88000-memory.dmp

Filesize
32KB

Download
memory/2272-5-0x000000001B740000-0x000000001BA22000-memory.dmp

Filesize
2.9MB

Download
memory/2272-7-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

Filesize
9.6MB

Download
memory/2272-8-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

Filesize
9.6MB

Download
memory/2272-9-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

Filesize
9.6MB

Download
memory/2272-10-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

Filesize
9.6MB

Download
memory/2272-11-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

Filesize
9.6MB

Download
memory/2272-12-0x000007FEF51C0000-0x000007FEF5B5D000-memory.dmp

Filesize
9.6MB

Download