Overview

overview

3

Static

static

3

Rebel Crac...am.ps1

windows10-1703-x64

3

Rebel Crac...pe.exe

windows10-1703-x64

3

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28/08/2024, 21:15

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Rebel Cracked/Rebel pipe/Program.ps1

  • Size

    1KB

  • MD5

    c569291ac99bf01186cddf01dac09e9c

  • SHA1

    e73759b902294ca16e2aeedbefe095b0b9578def

  • SHA256

    b7414978c94b1cdf45bd1cede027f83bd166abda18f4aa58e5ac3f151a33d856

  • SHA512

    c5fd9f42ce5e61718a80261da84c235afd67bf2e2f6918e64133fbb546326106f083ad5cbff2c26759142005276a6be612a575906d1a4ed1cc8de829bfbef896

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Rebel Cracked\Rebel pipe\Program.ps1"
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1980

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_lyv33pit.tr3.ps1
          Filesize

          1B

          MD5

          c4ca4238a0b923820dcc509a6f75849b

          SHA1

          356a192b7913b04c54574d18c28d46e6395428ab

          SHA256

          6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

          SHA512

          4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

          Download Submit

        • memory/1980-0-0x00007FFFCD8E3000-0x00007FFFCD8E4000-memory.dmp

          Filesize

          4KB

          Download

        • memory/1980-5-0x000001D246830000-0x000001D246852000-memory.dmp

          Filesize

          136KB

          Download

        • memory/1980-6-0x00007FFFCD8E0000-0x00007FFFCE2CC000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/1980-9-0x000001D246A00000-0x000001D246A76000-memory.dmp

          Filesize

          472KB

          Download

        • memory/1980-10-0x00007FFFCD8E0000-0x00007FFFCE2CC000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/1980-31-0x00007FFFCD8E0000-0x00007FFFCE2CC000-memory.dmp

          Filesize

          9.9MB

          Download

        • memory/1980-35-0x00007FFFCD8E0000-0x00007FFFCE2CC000-memory.dmp

          Filesize

          9.9MB

          Download