Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240729-en
- resource tags: arch:x64, arch:x86, image:win7-20240729-en, locale:en-us, os:windows7-x64, system
- submitted: 22-10-2024 16:08
Static task: static1
Behavioral task: behavioral1
- Sample: Miljpaavirkningen.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: Miljpaavirkningen.exe
- Resource: win10v2004-20241007-en
Behavioral task: behavioral3
- Sample: Kreditnotaens/Plettes.ps1
- Resource: win7-20240729-en
Behavioral task: behavioral4
- Sample: Kreditnotaens/Plettes.ps1
- Resource: win10v2004-20241007-en
General
- Target: Kreditnotaens/Plettes.ps1
- Size: 52KB
- MD5: ce0a682e2db6ee3b12ff901dd3bb16d8
- SHA1: d661a2f36066a9482a99c47c7773fc79161ea983
- SHA256: f73707d437fa4b1c7350b2eaf02faff3752d2267faa038e789fc3253aa08ae5e
- SHA512: 75acea1f522ca924304dbaf44ce5732d04fe746c985edf2fe90e4de1ab036940f5f3a2cf76a0e8338f23014a1226de91af8b9c4aecfdb537a489b003b314f7c7
- SSDEEP: 1536:wSzp6zgtCnDFOdY4ARI0LEvoaxTs7BdGiyn:wGp6zgtCnZOzARpLLaxw7BdGiK
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
  pid    process
  2240   powershell.exe
  2240   powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes:
  description               pid    process
  Token: SeDebugPrivilege   2240   powershell.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                         pid    process          target process
  PID 2240 wrote to memory of 2940    2240   powershell.exe   wermgr.exe
  PID 2240 wrote to memory of 2940    2240   powershell.exe   wermgr.exe
  PID 2240 wrote to memory of 2940    2240   powershell.exe   wermgr.exe
Processes
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Kreditnotaens\Plettes.ps1
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID: 2240
  - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "2240" "860"
    PID: 2940
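The Signatures and Processes sections together describe one chain: a PowerShell host started with an execution-policy bypass on a script dropped under the user's Temp directory, enabling SeDebugPrivilege, then writing three times into the memory of a wermgr.exe child it spawned. The following is an added triage example, not part of the sandbox report or the sample; the record layout (`PROCESSES`, `EVENTS` and their field names) is an assumed schema modelled on the report's tables, and the sample records are constructed from the values shown above. It shows how to turn those three observations into findings and a verdict, and it generalises the check to other script hosts.

```python
"""Triage of sandbox process/signature records (added example, assumed schema).

Flags a script host that (1) launches with an execution-policy bypass on a
script in the user's Temp directory, (2) enables SeDebugPrivilege and
(3) writes into the memory of another process, as seen in the report above.
"""
import re
from collections import Counter

# Hosts whose cross-process writes are almost never legitimate.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed records modelled on the report; field names are an assumption, not a real sensor schema.
PROCESSES = [
    {"pid": 2240, "ppid": None,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Kreditnotaens\Plettes.ps1"},
    {"pid": 2940, "ppid": 2240,
     "image": r"C:\Windows\system32\wermgr.exe",
     "cmdline": r'"C:\Windows\system32\wermgr.exe" "-outproc" "2240" "860"'},
]
EVENTS = [
    {"type": "AdjustPrivilegeToken", "pid": 2240, "privilege": "SeDebugPrivilege"},
    {"type": "WriteProcessMemory", "source_pid": 2240, "target_pid": 2940},
    {"type": "WriteProcessMemory", "source_pid": 2240, "target_pid": 2940},
    {"type": "WriteProcessMemory", "source_pid": 2240, "target_pid": 2940},
]


def basename(path):
    """Last path component, lower-cased, with any surrounding quotes removed."""
    return path.rsplit("\\", 1)[-1].strip('"').lower()


def launch_findings(cmdline):
    """Reasons a script-host command line looks like a dropped loader."""
    reasons = []
    # -ExecutionPolicy and its common abbreviations (-ep, -ex, -exec), any case.
    if re.search(r"-(?:ep|ex|exec|executionpolicy)\s+bypass", cmdline, re.I):
        reasons.append("execution policy bypass")
    if re.search(r"\\AppData\\Local\\Temp\\.*\.ps1\b", cmdline, re.I):
        reasons.append("script run from user temp directory")
    return reasons


def privilege_findings(events, pid):
    """Sensitive privileges a process enabled on its own token."""
    return sorted({e["privilege"] for e in events
                   if e["type"] == "AdjustPrivilegeToken" and e["pid"] == pid
                   and e["privilege"] == "SeDebugPrivilege"})


def cross_process_writes(events, procs):
    """(source image, target image, count, target_is_child_of_source) per writer/target pair."""
    by_pid = {p["pid"]: p for p in procs}
    pairs = Counter((e["source_pid"], e["target_pid"]) for e in events
                    if e["type"] == "WriteProcessMemory" and e["source_pid"] != e["target_pid"])
    return [(basename(by_pid[s]["image"]), basename(by_pid[t]["image"]), n, by_pid[t]["ppid"] == s)
            for (s, t), n in pairs.items()]


def triage(procs, events):
    """Collect findings and return a verdict; injection by a script host is decisive."""
    findings = []
    for p in procs:
        name = basename(p["image"])
        if name not in SCRIPT_HOSTS:
            continue
        for reason in launch_findings(p["cmdline"]):
            findings.append(f"{name} pid {p['pid']}: {reason}")
        for priv in privilege_findings(events, p["pid"]):
            findings.append(f"{name} pid {p['pid']}: enabled {priv}")
    injected = False
    for src, dst, n, is_child in cross_process_writes(events, procs):
        if src in SCRIPT_HOSTS:
            injected = True
            where = "its own child" if is_child else "an unrelated process"
            findings.append(f"{src} wrote {n}x into {where} {dst}")
    verdict = "suspicious: script host writing into another process" if injected else "no injection observed"
    return {"verdict": verdict, "findings": findings}


if __name__ == "__main__":
    for line in triage(PROCESSES, EVENTS)["findings"]:
        print(line)
```

wermgr.exe is a legitimate Windows Error Reporting binary, so the parent/child relation on its own says little; the decisive signal in the report is the parent writing into the child's memory, which is why `triage` keys its verdict on the cross-process write rather than on the spawn.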
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
  MD5: 90426d4610ab3838a6d1fda80d85fccf
  SHA1: adb758b7a0e87415e261054c40c6de5b681a9ae1
  SHA256: b44d97573720f81e41694731667c0f55679d65d7db290947c1544d1227dd3202
  SHA512: 7cf09704673cc19deba9f628aed56d383f55edb41795626d556fc3d40850fa9472c28ed518033e0fa1775508f3e5ae89f29260cb99fd66deea0ab9367d539d44