Analysis
max time kernel: 120s
max time network: 121s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 23-10-2024 01:36
Static task: static1
Behavioral task: behavioral1
  Sample: 9b1f6b694a8757b419c04ccd6ade02b58db56952b45d3a70c02dfb9682ec9fdc.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 9b1f6b694a8757b419c04ccd6ade02b58db56952b45d3a70c02dfb9682ec9fdc.exe
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: Melibiose.ps1
  Resource: win7-20240903-en
Behavioral task: behavioral4
  Sample: Melibiose.ps1
  Resource: win10v2004-20241007-en
General
Target: Melibiose.ps1
Size: 53KB
MD5: 1f737850c90e5d135b2a519df3ce86a4
SHA1: 3d539ea4291810b1191eb671d8369b0cfa6d6f1d
SHA256: dbc22a96f5153282b6037375b64d01887dbf9b978dd5eada76eaba847d8e7a3f
SHA512: 677a27533f8505de074c2237fba524f250c6db2c5a02b9b89341a49cd49ea6ccca1126d5964de025414fcf2fac58aee798f2c5c1536ab80a8ada088f1fd85996
SSDEEP: 1536:PVYsfFw+Y9sUEAhh4Dp2UrjvFBnGOkrq3GyY6GBTU:dH97NNAhh4t2U3ZYarY6qTU
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid   process
  2380  powershell.exe
  2380  powershell.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description              pid   process
  Token: SeDebugPrivilege  2380  powershell.exe

Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description                        pid   process         target process
  PID 2380 wrote to memory of 2708   2380  powershell.exe  wermgr.exe
  PID 2380 wrote to memory of 2708   2380  powershell.exe  wermgr.exe
  PID 2380 wrote to memory of 2708   2380  powershell.exe  wermgr.exe
Processes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Melibiose.ps1
  PID: 2380
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
    C:\Windows\system32\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "2380" "860"
      PID: 2708
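The process tree and the three signatures above form one chain worth detecting on a real endpoint: powershell.exe started with an execution-policy bypass on a script in the user's Temp directory, enabling SeDebugPrivilege, enumerating processes, and then writing into the memory of a child it spawned. The block below is an added example, not the report's or the sandbox vendor's tooling: it replays that chain as hand-constructed event records (the PIDs, image paths and command lines are copied from the report; the record layout, field names and scoring weights are assumptions of this example) and scores it. It also carries the caveat a practitioner wants here: the child is wermgr.exe, the Windows Error Reporting manager, launched with "-outproc" and the parent's own PID (2380), which is the form a process uses when it hands off an error report about itself. Writes from the parent into such a helper are therefore weighted lower than writes into an arbitrary child, and the finding says to confirm crash versus injection (for instance by looking for non-image executable regions in the target) rather than asserting injection outright.

```python
"""Detection logic over the behavioural events recorded in the report above.

Added example: not the report's own tooling. Process and memory-write records
are constructed by hand from the Processes and Signatures sections; the
dataclass layout and the score weights are assumptions of this example.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    parent: Optional[int]
    signatures: List[str] = field(default_factory=list)


@dataclass
class MemWrite:
    source_pid: int
    target_pid: int


# Constructed from the report's process tree (PIDs, images, command lines are the report's).
PROCS = [
    Proc(2380, r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
         r"powershell.exe -ExecutionPolicy bypass -File "
         r"C:\Users\Admin\AppData\Local\Temp\Melibiose.ps1",
         None, ["EnumeratesProcesses", "AdjustPrivilegeToken:SeDebugPrivilege",
                "WriteProcessMemory"]),
    Proc(2708, r"C:\Windows\system32\wermgr.exe",
         r'"C:\Windows\system32\wermgr.exe" "-outproc" "2380" "860"', 2380),
]
# The report lists three WriteProcessMemory IoCs, all from 2380 into 2708.
MEM_WRITES = [MemWrite(2380, 2708)] * 3

POLICY_BYPASS = re.compile(r"-ExecutionPolicy\s+bypass", re.I)
TEMP_SCRIPT = re.compile(r"\\AppData\\Local\\Temp\\[^\s\"]+\.ps1", re.I)
WER_OUTPROC = re.compile(r'wermgr\.exe"?\s+"?-outproc"?\s+"?(\d+)"?', re.I)


def is_wer_outproc_child(child: Proc) -> bool:
    """True when the child is wermgr.exe run as the Windows Error Reporting
    out-of-process helper for its own parent: the first -outproc argument is
    the parent's PID (the report shows "-outproc" "2380" under pid 2380).
    A parent-to-child write into such a helper is not by itself proof of injection."""
    m = WER_OUTPROC.search(child.cmdline)
    return bool(m) and child.parent is not None and int(m.group(1)) == child.parent


def find_powershell_injection_chains(procs, writes):
    """Flag PowerShell started with an execution-policy bypass that then writes
    into the memory of a process it spawned. One finding per matching PowerShell,
    with an additive score (weights are this example's assumptions) and reasons."""
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        if not p.image.lower().endswith("\\powershell.exe"):
            continue
        if not POLICY_BYPASS.search(p.cmdline):
            continue
        score, reasons = 1, ["-ExecutionPolicy bypass"]
        if TEMP_SCRIPT.search(p.cmdline):
            score += 1
            reasons.append("script executed from user-writable Temp")
        if "AdjustPrivilegeToken:SeDebugPrivilege" in p.signatures:
            score += 1
            reasons.append("SeDebugPrivilege enabled")
        if "EnumeratesProcesses" in p.signatures:
            score += 1
            reasons.append("process enumeration")
        targets = sorted({w.target_pid for w in writes if w.source_pid == p.pid})
        confirmed = []
        for t in targets:
            child = by_pid.get(t)
            if child is None or child.parent != p.pid:
                continue  # only writes into this PowerShell's own children count here
            confirmed.append(t)
            n = sum(1 for w in writes if w.source_pid == p.pid and w.target_pid == t)
            name = child.image.rsplit("\\", 1)[-1]
            if is_wer_outproc_child(child):
                score += 1
                reasons.append(f"{n} writes into WER helper {name} (pid {t}); confirm crash vs. injection")
            else:
                score += 3
                reasons.append(f"{n} writes into child {name} (pid {t})")
        findings.append({"pid": p.pid, "score": score, "targets": confirmed, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_powershell_injection_chains(PROCS, MEM_WRITES):
        print(f"pid {f['pid']} score {f['score']}: " + "; ".join(f["reasons"]))
```

Run against the report's events this yields a single finding for pid 2380 with the wermgr.exe child as the write target; the same logic over a PowerShell that runs a script without a policy bypass and writes to nobody yields nothing, which is the false-positive baseline a rule like this needs.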
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 1KB
MD5: fd3cf3f5d42e6c434835e32a25b470fd
SHA1: 0b5c07e07f97b9228e40c65afaac85e5d5501bf4
SHA256: 761f2f30f8390053e0c0f793659b088dd75cae229164f0ba9976bd2049c5a7f3
SHA512: 7078a04371699e666846efe5e2369e7eab106754c8c49042bd27161eb7cf6e688585049347ef34316fa6a11d71ecfaef4100f40f2287e0a47fc12d5e0dff583c