Overview
overview
5Static
static
5Release/Ad....0.exe
windows7-x64
3Release/Ad....0.exe
windows10-2004-x64
3Source/Ado....0.ps1
windows7-x64
3Source/Ado....0.ps1
windows10-2004-x64
3Source/RunAsTI.exe
windows7-x64
3Source/RunAsTI.exe
windows10-2004-x64
3缘本初�...��.url
windows7-x64
1缘本初�...��.url
windows10-2004-x64
1Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system -
submitted
12/09/2024, 02:55
Static task
static1
Behavioral task
behavioral1
Sample
Release/AdobeGenP-3.4.0.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
Release/AdobeGenP-3.4.0.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral3
Sample
Source/AdobeGenP-3.4.0.ps1
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
Source/AdobeGenP-3.4.0.ps1
Resource
win10v2004-20240802-en
Behavioral task
behavioral5
Sample
Source/RunAsTI.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Source/RunAsTI.exe
Resource
win10v2004-20240802-en
Behavioral task
behavioral7
Sample
缘本初见︱分享实用好软件!ʷʷʷ.⁵²ʸᵇᶜʲ.ᶜᵒᵐ.url
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
缘本初见︱分享实用好软件!ʷʷʷ.⁵²ʸᵇᶜʲ.ᶜᵒᵐ.url
Resource
win10v2004-20240802-en
General
-
Target
Source/AdobeGenP-3.4.0.ps1
-
Size
71KB
-
MD5
d91245383dfcc472296db34a60558746
-
SHA1
316ccbaa309ab8070666993788d240dd6a760b61
-
SHA256
1e0ceabb65bcce0c367b7a8decc6c6fa4413d4b69993dac15980215f87ef62f7
-
SHA512
d184d7c7eabb29a3307aa1622e0b1244f0e0650fd17bf992b246ee8edd5ba5817d0e7f6671843095d712c8010a7f38c6eb194b02df1ee57235ef4342ed98214a
-
SSDEEP
1536:y8Gz9hYbcpvSwKVLouPbusYWugo9zfmR7vNY7t:KaVLLPbusYWugo9rmR7vO
Malware Config
Signatures
-
pid Process 2972 powershell.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2972 powershell.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2972 powershell.exe
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Source\AdobeGenP-3.4.0.ps11⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2972