Overview

overview

8

Static

static

1

9d05f72c58...e8.ps1

windows7-x64

3

9d05f72c58...e8.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13/09/2024, 01:35

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9d05f72c586b7ba405c30117a9fe9550c44e7a2248f868e08268443abe1a3ce8.ps1

  • Size

    12KB

  • MD5

    cd7870e220fad26aae6ae1d03fa354b8

  • SHA1

    e011bc894a439d126718aeacf6c347ccdb08c72d

  • SHA256

    9d05f72c586b7ba405c30117a9fe9550c44e7a2248f868e08268443abe1a3ce8

  • SHA512

    03388389cbbd8dc5c77c4bc1ec9d943ad469e387501375c86b84a0098dc7e566e1f7aff9e166feb8132858d384c4a98d0e294f93e3e756337a894d59c03ec99d

  • SSDEEP

    192:7kPRNFcBiQS0DMO4k2xVflo2LZ4koB3lby8qB2H5oB3lbyAK2HmhoB3lbypK2HBc:7kLKOde6z4rpm3

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\9d05f72c586b7ba405c30117a9fe9550c44e7a2248f868e08268443abe1a3ce8.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2420-4-0x000007FEF621E000-0x000007FEF621F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2420-5-0x000000001B630000-0x000000001B912000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2420-6-0x0000000002240000-0x0000000002248000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2420-7-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2420-8-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2420-9-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2420-10-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2420-11-0x000007FEF5F60000-0x000007FEF68FD000-memory.dmp

    Filesize

    9.6MB

    Download