Analysis
- max time kernel: 16s
- max time network: 17s
- platform: windows7_x64
- resource: win7-20240708-en
- resource tags: arch:x64, arch:x86, image:win7-20240708-en, locale:en-us, os:windows7-x64, system
- submitted: 22-10-2024 12:26
Static task: static1
Behavioral task: behavioral1
  Sample: 001_215_EA2047939_202410210815.exe
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: 001_215_EA2047939_202410210815.exe
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: Kontokurantens.ps1
  Resource: win7-20240708-en
Behavioral task: behavioral4
  Sample: Kontokurantens.ps1
  Resource: win10v2004-20241007-en
General
- Target: Kontokurantens.ps1
- Size: 50KB
- MD5: 8a4da8bab6993bc24f8ba89b1a5035ba
- SHA1: 0266616ebaff76b9027bdf4a52742bbb6d7dbf90
- SHA256: d19add8d848501931650d9c2f77d4519b15ffe2399a161dac88ea99c07f1b62d
- SHA512: 1f604a65b0fb4543feab6eb9584aab3c47c5ebcabf251492c7be827e3c5d547f310ff05354bf30837fe8192be427c1855ec22783a0be14db15b40b1f05a13c50
- SSDEEP: 1536:em3/0wJ5Bo29iuM2fkfAFr6+nw0JefyiwDs:/3/0EbiuRcot6Ocfyiwo
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes (pid, process):
    1968, powershell.exe
    1968, powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes (description, pid, process):
    Token: SeDebugPrivilege, 1968, powershell.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes (description, pid, process, target process):
    PID 1968 wrote to memory of 2816, 1968, powershell.exe, wermgr.exe
    PID 1968 wrote to memory of 2816, 1968, powershell.exe, wermgr.exe
    PID 1968 wrote to memory of 2816, 1968, powershell.exe, wermgr.exe
Processes
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Kontokurantens.ps1
  Depth: 1
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID: 1968
  - C:\Windows\system32\wermgr.exe
    Command line: "C:\Windows\system32\wermgr.exe" "-outproc" "1968" "860"
    Depth: 2
    PID: 2816
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
  MD5: 774013714e53db92ae0a42d264d23e80
  SHA1: e0bf4fbad9af7ecfe826eaac26a59e2b79db6204
  SHA256: 0026325c7dcc6c4a2c81bbfe36170fed53c57b30da3a81bf1d624fe75e2f669a
  SHA512: 875a9710ecedb2341daea1b8004d9cc3f991bf589201b621901b710246d63223ccdea1cd640d13f6bffc6c528042eb21e2332c12947ea0f5e2a71e53e26045e4