Overview

overview

3

Static

static

1

readme/新...��.url

windows7-x64

1

readme/新...��.url

windows10-2004-x64

1

upload/dat...x.html

windows7-x64

3

upload/dat...x.html

windows10-2004-x64

3

upload/dat...x.html

windows7-x64

3

upload/dat...x.html

windows10-2004-x64

3

upload/dat...x.html

windows7-x64

3

upload/dat...x.html

windows10-2004-x64

3

upload/dat...x.html

windows7-x64

3

upload/dat...x.html

windows10-2004-x64

1

upload/dat...x.html

windows7-x64

3

upload/dat...x.html

windows10-2004-x64

3

upload/dat...x.html

windows7-x64

3

upload/dat...x.html

windows10-2004-x64

3

upload/dat...x.html

windows7-x64

3

upload/dat...x.html

windows10-2004-x64

3

upload/dat...x.html

windows7-x64

3

upload/dat...x.html

windows10-2004-x64

3

upload/dat...x.html

windows7-x64

3

upload/dat...x.html

windows10-2004-x64

3

upload/dat...x.html

windows7-x64

3

upload/dat...x.html

windows10-2004-x64

3

upload/dat...x.html

windows7-x64

3

upload/dat...x.html

windows10-2004-x64

3

upload/ded...it.vbs

windows7-x64

1

upload/ded...it.vbs

windows10-2004-x64

1

upload/ded...dd.ps1

windows7-x64

3

upload/ded...dd.ps1

windows10-2004-x64

3

upload/ded...do.ps1

windows7-x64

3

upload/ded...do.ps1

windows10-2004-x64

3

upload/ded...it.ps1

windows7-x64

3

upload/ded...it.ps1

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    19-08-2024 02:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    upload/dede/archives_edit.ps1

  • Size

    5KB

  • MD5

    03a042f1656478f45816d1874a818387

  • SHA1

    fc1b4b7e818297e6e69e9af85570497ca6ce9ab6

  • SHA256

    970c68529c24997dc6e0e58f59d876ae9e4379eac651a827ff553b562bfbf686

  • SHA512

    c9aebcb8f0f7e40802407da027c6542d26d7e564477df5c63e485c9ab0b0d704efc790b2032567df8b5718f57a150c4d46898770d62c1bde5c4b609790b23b02

  • SSDEEP

    96:iOL++bmRMssOTK/qcB+07eljeDqyBH8bLrMNn8TaUSaVK1LTAYMo5vkCjV9xVqOO:7rSRLPm+0abfrKFdM6xjgUj5A

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\upload\dede\archives_edit.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2632

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2632-4-0x000007FEF5B6E000-0x000007FEF5B6F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2632-5-0x000000001B6B0000-0x000000001B992000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2632-7-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2632-6-0x0000000001FC0000-0x0000000001FC8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2632-8-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2632-9-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2632-10-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2632-11-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2632-12-0x000007FEF58B0000-0x000007FEF624D000-memory.dmp

    Filesize

    9.6MB

    Download