Overview

overview

10

Static

static

10

00ab8a1a2b...51.doc

windows7-x64

3

00ab8a1a2b...51.doc

windows10-2004-x64

1

04bbbaf0d0...25.exe

windows7-x64

3

04bbbaf0d0...25.exe

windows10-2004-x64

3

1139a9099f...64.exe

windows7-x64

3

1139a9099f...64.exe

windows10-2004-x64

3

114a8c03ee...39.doc

windows7-x64

4

114a8c03ee...39.doc

windows10-2004-x64

1

19911c6865...fc.exe

windows7-x64

19911c6865...fc.exe

windows10-2004-x64

2299ff9c7e...6.docx

windows7-x64

4

2299ff9c7e...6.docx

windows10-2004-x64

1

2b79b44b0f...07.dll

windows7-x64

5

2b79b44b0f...07.dll

windows10-2004-x64

5

2c6638998f...2a.xls

windows7-x64

3

2c6638998f...2a.xls

windows10-2004-x64

1

35352a7ac7...ce.exe

windows7-x64

35352a7ac7...ce.exe

windows10-2004-x64

3792408618...3f.xls

windows7-x64

3

3792408618...3f.xls

windows10-2004-x64

1

3b0fd96950...ea.dll

windows7-x64

5

3b0fd96950...ea.dll

windows10-2004-x64

5

4078c6d0ff...f7.lnk

windows7-x64

3

4078c6d0ff...f7.lnk

windows10-2004-x64

7

428f4ed31c...99.dll

windows7-x64

1

428f4ed31c...99.dll

windows10-2004-x64

1

4c27f9a78c...04.ps1

windows7-x64

3

4c27f9a78c...04.ps1

windows10-2004-x64

3

4d9f557790...24.exe

windows7-x64

7

4d9f557790...24.exe

windows10-2004-x64

7

4f7848518a...6d.doc

windows7-x64

3

4f7848518a...6d.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    159s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-10-2024 18:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4c27f9a78ca18364a6a42b5c61f94442782afef7fcc6a1cdfa9efc09b514cd04.ps1

  • Size

    52B

  • MD5

    d72a9b9019e5e3fa7d37a52411070dc8

  • SHA1

    1eacca1b268d1e80531a53b7fdfdb0024a511963

  • SHA256

    4c27f9a78ca18364a6a42b5c61f94442782afef7fcc6a1cdfa9efc09b514cd04

  • SHA512

    3174c8bb847abcd208a7e546688baf908b717d9b98591acc6075f9521d1761074b0038bd1f15fdc86a90dbe2ae2c1788e72f5b3a2ecf053e70080311026dcd60

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\4c27f9a78ca18364a6a42b5c61f94442782afef7fcc6a1cdfa9efc09b514cd04.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_o2ibxsvs.b1c.psm1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/3400-0-0x00007FF9F5A73000-0x00007FF9F5A75000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3400-1-0x0000025A779F0000-0x0000025A77A12000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3400-11-0x00007FF9F5A70000-0x00007FF9F6531000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3400-12-0x00007FF9F5A70000-0x00007FF9F6531000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3400-15-0x00007FF9F5A70000-0x00007FF9F6531000-memory.dmp

    Filesize

    10.8MB

    Download