7821d35c1866a3ecd43b15d6a171fd9f11d70907105cc27f6b7f0760ca86bccd

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
18-10-2024 02:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Variabelforklaringen.ps1
Size

51KB
MD5

b38fc73651b54a201ea1815e9fbdb7e1
SHA1

11dcb7973511a7f58eacd0c6b519d4c57b843ece
SHA256

3cd2de55689d75d77cd308184060364fcf48b990e025e918233e528a3373a27b
SHA512

0e6055ab2c490f2c67184e3dea070f6b0d9cd0e557e1c51d792da53c4674d844d8d5c9a5dd036261437db2bb7b8b8e0425168ac143da01b2b1ce116540989b1d
SSDEEP

1536:wzAstLJaBT7rCnMxEVnq50oJbvVWezp1PQwQ66FkvKbzd:wcsOTgYEVqnYc/Pw7zd

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2208	powershell.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2208	powershell.exe
2208	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2932	2208	powershell.exe	31
PID 2208 wrote to memory of 2932	2208	powershell.exe	31
PID 2208 wrote to memory of 2932	2208	powershell.exe	31

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Variabelforklaringen.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\system32\wermgr.exe
  "C:\Windows\system32\wermgr.exe" "-outproc" "2208" "912"
  2⤵
  PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\OutofProcReport259495633.txt

Filesize
1KB

MD5
483e233691592cc8daca14bf00df5f66

SHA1
c63aeecff06e798bf319028022056759f7d8edea

SHA256
6a6d481eb8bc33ba916eec5bc76ca8fa4f2bbb787e9e08599b9be0babeaf679d

SHA512
e8e64ee06f416c611e3fcd0e93d7666fab062f48449568be86b634baad27ae085530c0aa3ce02e43fa44f1e7afdc29157129ab512118a9ed6b8c0043f61cca45

Download Submit
memory/2208-12-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download
memory/2208-9-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download
memory/2208-7-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download
memory/2208-8-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download
memory/2208-13-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download
memory/2208-11-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download
memory/2208-6-0x0000000001EC0000-0x0000000001EC8000-memory.dmp

Filesize
32KB

Download
memory/2208-4-0x000007FEF581E000-0x000007FEF581F000-memory.dmp

Filesize
4KB

Download
memory/2208-10-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download
memory/2208-14-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download
memory/2208-15-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download
memory/2208-16-0x000007FEF581E000-0x000007FEF581F000-memory.dmp

Filesize
4KB

Download
memory/2208-17-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download
memory/2208-20-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download
memory/2208-5-0x000000001B380000-0x000000001B662000-memory.dmp

Filesize
2.9MB

Download
memory/2208-21-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download