Overview

overview

10

Static

static

10

TsxJNxhxMJfQTd.ps1

windows7-x64

3

TsxJNxhxMJfQTd.ps1

windows10-2004-x64

3

Analysis

  • max time kernel
    117s
  • max time network
    131s
  • platform
    windows7_x64
  • resource
    win7-20240708-en
  • resource tags

    arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
  • submitted
    04-10-2024 12:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TsxJNxhxMJfQTd.ps1

  • Size

    4KB

  • MD5

    17d3f87acd313ee41cd349bc10f5b5ee

  • SHA1

    ba3e2b9bbc75c15268161bf5bbbad43998f08b03

  • SHA256

    056451b28c4bfe6bf1536c1d67b33f312a06c656cd3c633f40cc5f5b85c6528b

  • SHA512

    8a21664db5992c5facd47be958498d2d526f0f35bb069e2523331813f2a24fd7a6fa7612de797b93d3addf3170ddaa1fee65eae4da4b3f6ee1f999c918ffad0a

  • SSDEEP

    96:c0uhKcyIPxPTXYmjPbxPL33eB42PL3Hex9yz/3eB42PL3Hex9y2Qj:c0K1xPTYmbdPL33SPL3HSyz/3SPL3HS6

Score
3/10
discoveryexecution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Using powershell.exe command.

    execution
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\TsxJNxhxMJfQTd.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2660
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -s -NoLogo -NoProfile
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2808
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" https://www.wsj.com/
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2568
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2568 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2608
    • C:\Windows\system32\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "2660" "1300"
      2⤵
        PID:2388

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      93895390198384e5f0daed6a3206bb67

      SHA1

      89ec13e217f2b019f4e27c96957d4f33ab8c4f2e

      SHA256

      289a9f1bdcb8b6c4fd1187fc422a2dedc5b06b9e3d8a917b30f45488b7c7b00e

      SHA512

      b20cf1384955dd5ad3ec1c850bccb9675d9a0c98dde6d4b74f72981c561b0605387df77e5be91435afa167bf2f025aaec403766f90d2e6f9afd50109667c14c6

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      492025c7ba639e971c6b241c4e98f16c

      SHA1

      b9779bdc5c9ebdee491a6b573453b06eac3fa416

      SHA256

      ce4a12d1015d204c66a208256d1c4431585e7c65a291c4c2ec5fdd8acaf50f92

      SHA512

      91cd9c216b64156f19b712fa712e7f37c3408785a36ddc43960a4c0b41ef01307de7f451c7c7e1914d73d99ade51ac74d232c9e1d487d387a05d2b048c0b4916

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ef85738ab61907f51440ca75ebd3f2f6

      SHA1

      54308cc98ee3b822784323c076baa72b930e4a43

      SHA256

      4ab3a7f55519a1ebbac1c6523dba8b61269c93be8e9aede011dcd857c89b3185

      SHA512

      7a5d7887f99c928d52b513320c0807a51b89781300e16e59dd1ee87c8490d95f0ddfe87cdd22cb83be66b7658a5c9cc5182e38c365a742a5eb44e8af8567281a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0135fdf2a84e16a777b96516bfeabf85

      SHA1

      152cadf83be56a65d3aafeceb1cfa71d3c381f1d

      SHA256

      087c3c27b1960d6e54b86e3b02a995e2eb9204f5e148d42434cd0997d4112611

      SHA512

      96ea1b7a912b656c2277b9f68d36509b9d0112758af809e6f73b6bdecdb6c7732d3fa331a5d849869f33fb09c4f19766e0c783c1f1bfe647666f265cec3f9cea

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e4beb90e3414ecfc91f63b417995d6de

      SHA1

      9348d4581411be41410bd17b9828871f92b07024

      SHA256

      75c54e461fb76490e8a282668a2a1f0250375cd975a9efb684d60624703000df

      SHA512

      62187049b066679fa62e49ec99b65998b56d4276915451e81e5a1d7348a1e9c9b4f123b5fb8ef25ba0b811c02aff78a009acd896640ebc5abb5c773cb85e11b4

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f5b869373ecd7ceeb64c9b5af4bff49d

      SHA1

      89b6f91bfe35caeb133f38bbe22b7737198963df

      SHA256

      48872f71ecd4d7b831ba44bae8a7bf01624f0b7c8000ee071b95477f26838b1d

      SHA512

      1931f40450a706a9fb6d53d3475d7fe202794f8a6876cea9086e1f6241d3527191141dc4118ecaa94ada8ac3b1e7286dc4448018fad17247dd600a980ad76b9d

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      7f41b65503b870712e302325fd68f00b

      SHA1

      0f12181f0189842a52ff4cf20982a21b558073ba

      SHA256

      dacb54d2a0b0adec42f56d1190908bdd1faf91d2e3dd6f4106c0ea9a15081f46

      SHA512

      2b7e64859a99c0183474c7df12078565a3b35a6b482b91d00d3d1f5908e4845fac293e7f16ed6c66c6b05b7eec922835c47424aecd420ff3e6089900a35d46d3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      befbc7d642f80db86942c30152b7d28d

      SHA1

      a1f38a260a29c931f95b65c9985485d5b5feb654

      SHA256

      3c58b03694e464e5bb8be097d6aa563f12a1901ebbbfa9f67ecb3bae1b2e7a0b

      SHA512

      658466ebe8cb2db382f005bc41e318d012397373e860d30b235b804c50aab523c70774ff317be0bfc6ba28a436a0a80ab2293dbb4f6d2f9c0f10edf5e54504ac

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      9c0f70f94042a816f79e2ff765440389

      SHA1

      26cbdc8432dbc75741ebe8b405ea13ede35c94b1

      SHA256

      3feb6c07aa1332462e576604dcd01d159e74d0afc2150f9e3009c49e39c10b14

      SHA512

      0c8e70bad41a765294fdcbe426a9ee3bd8a7f47036f3977a85a5df99c35fd6a995fb629ced0029b1635a0fb67d8a5b327430db5f416fd61fd08e522dbc1287c5

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      620a8a7414e5d324c26706b0bb797a1f

      SHA1

      bb5b3a6ee762ddc69894c2b6fc669b0b0236fd5e

      SHA256

      32c9646717251feecded4098ec9b37aef584d26609c6bca0d11ac6c6e750029a

      SHA512

      46a8e19a4d5fc5fd6eb48ffcb883df6d2238fcc51fefd07138d5d25e1f14cc492e234ea8606889c1518dcf6e736e71be263f2aa6b2719e8a8308a3d7c10020d0

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      304e01c4db678c895092ae786b3ab161

      SHA1

      a6cf0d79aaa870df30ef70144058fde9668a00e2

      SHA256

      323a966e7cf413648800068ef7914d2a251db6fa923e132a840e5b0cd8c42dd0

      SHA512

      f7d98f07aac5fba5d5dab3e9b7e93de689e0c71b695bc0863005901c31e499f8c4b3d42b56d1b807c9ef84473aa294c4e23f42d1d33361d265a2c08ea0ad68ce

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dcf8b65aa5f890371c72c88e0e7863f6

      SHA1

      f83333d0568f298939a98571de1b38adbeb0c65e

      SHA256

      a9e3840ebb1055009ed36a07491adb8b449df9d108a6787a3614dd6e1720bb34

      SHA512

      6a874444aac822fd2b8d48fd02d43f2706b000bc27a57e78a10617ed10ca835c4e8bf04a454e8f6fac39f684a45d35bf94843aeaa370e56a8335bef4cc852d56

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      33052959e33472224efcb059aa17518f

      SHA1

      dce09169308f650612757363d634f1b44b7c4835

      SHA256

      1b6329bcbc270cceaa7baef6bcf50705abd289a42180e7c575dda382d29e26f7

      SHA512

      39b67f196574a603f6db6fe2b1ae59ebaf2e12d45620ee312bf2cc17257b4603c10be3b8f78de2d54bfb9506b93d63b683f3189a184b4700712cfd7479a9b4e2

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ab03b74407fa0be1de394cc2cbf438ca

      SHA1

      6099867f154669d537c40c02c556555817adb245

      SHA256

      52143c29a2ad8ff36f815a5aa9c6382dd6e7359d7a293bbb1076c6249c12fd3c

      SHA512

      46a13bb39e7b5402f4d22dbedbce189817b99d6cf411e16b6527c5b99737a018be7aa7ef2d8763cdb21e2fcdbeaae9e27089f1e5c238aaed417260942f442394

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      44e07bf027ddf3577fefdef9a540f9be

      SHA1

      60e353fdc254219b0a3a389e11e16369ead33556

      SHA256

      ebeec67d748506a6ca75e6f452b75c222da2881a13ddda119158561f99424d47

      SHA512

      1f052268f687484dc7724d8208b7fe3fa6fc6d17e4f07071e8a1c71e30b9e34a7995977587a8a740a06e1acb376b1952caa86110d563c889198cb638153025ed

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ccda34ff447de9b15022358baedb0d7d

      SHA1

      b22c79bc2473e0a233b0910d1e6662005fd10439

      SHA256

      c796f695e3d150b5f3e6fba8f8ab76838ac2048efd94bb489f9fe484f1fd7fb0

      SHA512

      fdb5a3a50c2c402362d8cfa2d9c4f10131ea1dcb3d25b1083aa9ec0f69c72aeb278609949a38c50597651ac2aba743c07cb12d917a7f4d7680cc545a6124c891

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      07920bbcd673279dc01a312abd38d015

      SHA1

      54a4de7666ec2e45a9f7385219fe6d1fb69f2129

      SHA256

      260b06ee270ddf2d90a21a697d4cc7a5217751c942dffac1e0292f9719e7b31b

      SHA512

      5bbf1ba757f1bbce1a8aad80d5be7185a3319bb7bb5303bcdbd426dbd28e36b13fa053237d9154a9883335398ad819550b032f18b50be15f5dfeeacd474a9f98

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4e6b42f99e0640ed45d308f7e30ba74c

      SHA1

      8af5492acad621cdfb7ac7c9ea4c8763744c00c3

      SHA256

      834560fe48c03e6dcb5db0566918939d0efb0a26727e5fc47e7e425c24b4e782

      SHA512

      01a854341282c40fa4e93ae0d1b39a6a129609b96b5ac60467ea670938950ab38523cf06003842f0dd4681ea055f816278bd4df995dba2cc9aa170efdec56ac8

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e3c955b34031143630411c950c997287

      SHA1

      08d9548763e7e9a0c869a0f8b567bb2d5d554eaa

      SHA256

      c92ef32f08a2e2287e95044223beda8379b81411b412f61350ef103d2c766e82

      SHA512

      0d93f6fcfe9981522ea46588a254a60fa6f7ce91cdacc0c407328347bd353b6b7e9f66b4092f1ff3bdde4c0d0a9f54d67c9068f9f43bce3438d1afb8bf9a197a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5af5891e49e51fada9a50c2b3ddff3b2

      SHA1

      04668966b6734263e8acd9a6a4abbca7723cf4ef

      SHA256

      04e340a83801d2b46b44c150ea514c8001876b16d7c9d94cb8cd49a29376265b

      SHA512

      9a0a8a014e687c553aa4bbed5a6425bc2a5b8d7a59989e254bb09dca8f39e01502e9cd09c6624322f42b741d51d1547d5580f6b870fa1c0d2af5b2f910f7d09c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab2A5E.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\OutofProcReport259463362.txt
      Filesize

      1KB

      MD5

      95a03d29fb02496e768ef08e62e2023c

      SHA1

      765c917ea6d0b285c52de3a57224136248f361ef

      SHA256

      7aac387547913e7f6825f8428d8750041a5ddb82ddbf2c8bcc741001b34ff0c2

      SHA512

      54a0242e969b86bbd6dbeaff82257642338af1967ab162f4ed1e0f788172d4adfebaff56c7e11ccfaa86531ef669e359a35eb7a5343abf3bb13754b05cd9809d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar2AFD.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\2OH2AN490U7SGKUX2L7X.temp
      Filesize

      7KB

      MD5

      052724303ade8b1483ab317ed343fa14

      SHA1

      881664bac426bb5cefbf5ee648b72cc0a63eb582

      SHA256

      13f48a66f590863110d72d4c3b6fccd31ff1b2a9d0a0aa4415d85ecb6b3bfef2

      SHA512

      7994947ef9d67256f32da25874c9678b2fda36121430b6a15aaf09e8ead2ff541db7217ae49f30369120db31e7806f8e5a6951483cf1789faf792cb6fccc06df

      Download Submit

    • memory/2660-6-0x00000000027E0000-0x00000000027E8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2660-7-0x000007FEF5600000-0x000007FEF5F9D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2660-5-0x000000001B540000-0x000000001B822000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2660-4-0x000007FEF58BE000-0x000007FEF58BF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2660-25-0x000007FEF5600000-0x000007FEF5F9D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2660-8-0x000007FEF5600000-0x000007FEF5F9D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2660-9-0x000007FEF5600000-0x000007FEF5F9D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2660-10-0x000007FEF5600000-0x000007FEF5F9D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2660-11-0x000000001BC40000-0x000000001BC72000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2660-12-0x000000001BC40000-0x000000001BC72000-memory.dmp

      Filesize

      200KB

      Download

    • memory/2808-26-0x000007FEF5600000-0x000007FEF5F9D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2808-18-0x000007FEF5600000-0x000007FEF5F9D000-memory.dmp

      Filesize

      9.6MB

      Download