ea97abf8e5fa90954e975fa5e60f054e99df727ebc38edf0efdfab3cc9e40b10

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2024, 14:22

Target

admin/database.mo.ps1
Size

11KB
MD5

bad4a8a68a9dd35f7ba7bf9c605b8284
SHA1

59855e71f4d63f94e8cc5776bf8e80b1ee8aa691
SHA256

f7118fd492876aa8d35368c0c105b9c9d77129902817e3d9f60f48bd04659124
SHA512

dcfd6900d8b2775194daa6cfe8b65003fa743d8fe950a98539d7ed6f04df3e8b1eb3cc1ae4207917a3cd842ea1287bebfec8c4a6c30467fed64dd132723d1b57
SSDEEP

192:QBHrmqqHxjdSt279dRUb2duw1+kD8TxjiCc42Qu3mES+8pkrl:mHrmP1dUMdcGuw1+kDQjij42V3mn+Qkp

Score

3^/10

execution

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

PowerShell

pid	Process
2856	powershell.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2856	powershell.exe
2856	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2856	powershell.exe

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_i0zo4ogx.ta1.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/2856-0-0x00007FFD61933000-0x00007FFD61935000-memory.dmp

Filesize
8KB

Download
memory/2856-10-0x0000020BC7510000-0x0000020BC7532000-memory.dmp

Filesize
136KB

Download
memory/2856-11-0x00007FFD61930000-0x00007FFD623F1000-memory.dmp

Filesize
10.8MB

Download
memory/2856-12-0x00007FFD61930000-0x00007FFD623F1000-memory.dmp

Filesize
10.8MB

Download
memory/2856-13-0x00007FFD61930000-0x00007FFD623F1000-memory.dmp

Filesize
10.8MB

Download
memory/2856-16-0x00007FFD61930000-0x00007FFD623F1000-memory.dmp

Filesize
10.8MB

Download