Overview

overview

10

Static

static

1

3d641dae18...9d.ps1

windows7-x64

3

3d641dae18...9d.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-09-2024 18:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    3d641dae182ce73851fcfb842ba19ba70f0e5c2b02730fc66948cec688d3949d.ps1

  • Size

    1.2MB

  • MD5

    8481d9764cda27d097559253f6c5804a

  • SHA1

    813e576e5f5ee54ee74ead61e30b6e3d04a377a3

  • SHA256

    3d641dae182ce73851fcfb842ba19ba70f0e5c2b02730fc66948cec688d3949d

  • SHA512

    3a0b4eb5fd1e01656256308c40e5eca3eb036e33fe686ce22dc6223b2057359db0da020aab8d80c1c68f0b60b17565bf37c60e76224b4fecb5c320c52d9cd282

  • SSDEEP

    12288:l1zabLuoWRUFTNEbBgBLriOlZX9bfWizIq7Q6QXRfThcjLIq20nDcsOSv3UZ5lTC:uV7TOZG

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\3d641dae182ce73851fcfb842ba19ba70f0e5c2b02730fc66948cec688d3949d.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3064

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3064-4-0x000007FEF524E000-0x000007FEF524F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3064-5-0x000000001B160000-0x000000001B442000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/3064-7-0x000007FEF4F90000-0x000007FEF592D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3064-6-0x0000000002390000-0x0000000002398000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3064-8-0x000007FEF4F90000-0x000007FEF592D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3064-9-0x000007FEF4F90000-0x000007FEF592D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3064-10-0x000007FEF4F90000-0x000007FEF592D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3064-11-0x000007FEF4F90000-0x000007FEF592D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3064-12-0x000000001B610000-0x000000001B61A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/3064-13-0x000007FEF4F90000-0x000007FEF592D000-memory.dmp

    Filesize

    9.6MB

    Download