8be263d47f662d5b4e2309323481d466cd3d7a3ce232cba85b248e60ee26ecb7

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/09/2024, 07:45

Target

iwebsns/action/event/event_update_photo.action.ps1
Size

1003B
MD5

79d0b02ab1c40a3d6023c9bfb723ca1e
SHA1

a7ffd0649af10ff6fdd02c19dd1a6eb79ce919c3
SHA256

e418e20840864f991aa945b4325231403ab07513c95281d6ab30c1e07d1a2409
SHA512

20ffa88b877d6523d3fd8332fd60caf5dbb937f88b6418dece422f27ef7aec5f5d959d6a7616529b3cd660ef71901eb5e15de9ae7748c07c0e0810a294c53c31

Score

3^/10

execution

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

PowerShell

pid	Process
3024	powershell.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3024	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3024	powershell.exe

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/3024-4-0x000007FEF6A9E000-0x000007FEF6A9F000-memory.dmp

Filesize
4KB

Download
memory/3024-5-0x000000001B650000-0x000000001B932000-memory.dmp

Filesize
2.9MB

Download
memory/3024-7-0x000007FEF67E0000-0x000007FEF717D000-memory.dmp

Filesize
9.6MB

Download
memory/3024-6-0x0000000002070000-0x0000000002078000-memory.dmp

Filesize
32KB

Download
memory/3024-8-0x000007FEF67E0000-0x000007FEF717D000-memory.dmp

Filesize
9.6MB

Download
memory/3024-9-0x000007FEF67E0000-0x000007FEF717D000-memory.dmp

Filesize
9.6MB

Download
memory/3024-10-0x000007FEF67E0000-0x000007FEF717D000-memory.dmp

Filesize
9.6MB

Download
memory/3024-11-0x000007FEF67E0000-0x000007FEF717D000-memory.dmp

Filesize
9.6MB

Download
memory/3024-12-0x000007FEF67E0000-0x000007FEF717D000-memory.dmp

Filesize
9.6MB

Download