Analysis
max time kernel: 121s
max time network: 121s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 18-10-2024 07:19
Static task: static1
Behavioral task: behavioral1 (Sample: Materien.exe, Resource: win7-20240903-en)
Behavioral task: behavioral2 (Sample: Materien.exe, Resource: win10v2004-20241007-en)
Behavioral task: behavioral3 (Sample: Tillgspensionen.ps1, Resource: win7-20240903-en)
Behavioral task: behavioral4 (Sample: Tillgspensionen.ps1, Resource: win10v2004-20241007-en)
General
Target: Tillgspensionen.ps1
Size: 53KB
MD5: 1e72916a0e82da66cf7753db11b602a2
SHA1: 322d0c1a058a5c4ba50f534137c45462dd8b989d
SHA256: 8a7aca1e042680f82f1703da26587d5058e55cdc50a9da8bc7bd226d1a6748d4
SHA512: b32c7d41172e7df012277acb4f8662e1d5949db80d9a35a68433eaee8d740b46a0d3a068d6609140e86e846b0ac436e21e18ba7d85b17db3214cc7ef833af203
SSDEEP: 1536:PU0/q/xmGzkHZeRcFThmlZA4snsEKhBRLUM4it/xIC8ZYHg:L/WRkoEhmbA4snedgMRtx60g
Malware Config
Signatures
pid 2372, Process powershell.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 2372, Process powershell.exe
  pid 2372, Process powershell.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege, pid 2372, Process powershell.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2372 wrote to memory of 2896, pid 2372, Process powershell.exe, procid_target 32
  description: PID 2372 wrote to memory of 2896, pid 2372, Process powershell.exe, procid_target 32
  description: PID 2372 wrote to memory of 2896, pid 2372, Process powershell.exe, procid_target 32
Processes
1. C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
   Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Tillgspensionen.ps1
   PID: 2372
   - Command and Scripting Interpreter: PowerShell
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\wermgr.exe (child of PID 2372)
      Command line: "C:\Windows\system32\wermgr.exe" "-outproc" "2372" "856"
      PID: 2896
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 1KB
MD5: 3e9726771cf01c3fd14e2431b07dc8d1
SHA1: 4abac76e8bf6329daa37f2d6a72cb5b787ad3812
SHA256: 80dd2ae6df77bfc32d36466a8298d9a28f7eb6370514b3b2566151c78df1b512
SHA512: 1bb5e11acdb231c29d3ca9b42436ae67dab93a5a476b02afebcb3bb0d6e729866c432b13fe2777c2db3a20c7e378947c02c568e80baf4d7eb49a1555e2c0545a