Analysis
max time kernel: 119s
max time network: 124s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 23-10-2024 13:33
Static task: static1
Behavioral task: behavioral1
  Sample: PAGO FRAS. AGOSTO 2024..exe
  Resource: win7-20240729-en
Behavioral task: behavioral2
  Sample: PAGO FRAS. AGOSTO 2024..exe
  Resource: win10v2004-20241007-en
Behavioral task: behavioral3
  Sample: Vesperkost.ps1
  Resource: win7-20241010-en
Behavioral task: behavioral4
  Sample: Vesperkost.ps1
  Resource: win10v2004-20241007-en
General
Target: Vesperkost.ps1
Size: 53KB
MD5: e35283bacb62d15976b5841105b466a1
SHA1: 0203661c08ae261483cd9da1c21d7173f8ea329d
SHA256: d6a7990b9c733d4ba3b1b0d2e5e42dfa2253b22fe345f4870bf24686c516788d
SHA512: 9a0fbd409e74472330f6ec78e453af0825704d3d1f132657b6f8f32f738d51dc70a4124edade7c0fe3c6cc48c6774f8d822d4207d7e5f0879ae386df3e9521e6
SSDEEP: 1536:aU2++zktjXZ1gOBaa9pa5LXX4goZUxnIJu+OEK5Nl:BjJ1gf9Ln4rOxnp+O5Nl
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid   process
  3028  powershell.exe
  3028  powershell.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
  description              pid   process
  Token: SeDebugPrivilege  3028  powershell.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                       pid   process         target process
  PID 3028 wrote to memory of 2816  3028  powershell.exe  wermgr.exe
  PID 3028 wrote to memory of 2816  3028  powershell.exe  wermgr.exe
  PID 3028 wrote to memory of 2816  3028  powershell.exe  wermgr.exe
Processes
1. C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (PID 3028)
   Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Vesperkost.ps1
   - Command and Scripting Interpreter: PowerShell
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\wermgr.exe (PID 2816, child of 3028)
      Command line: "C:\Windows\system32\wermgr.exe" "-outproc" "3028" "932"
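The process tree and the WriteProcessMemory signature above are what an analyst would turn into a detection. The Python below is an added example, not part of the sandbox report or its tooling: it replays constructed Sysmon-style events modelled on this tree (the field names and the scoring weights are assumptions) and correlates the execution-policy bypass, the script path under AppData\Local\Temp, SeDebugPrivilege and the writes from powershell.exe (3028) into its child wermgr.exe (2816). It also carries the caveat a practitioner would check before calling this injection: wermgr.exe "-outproc" <pid> <handle> is also the command line Windows Error Reporting uses for its out-of-process helper when process <pid> reports a fault, and here <pid> is the PowerShell process itself, so a crash of the script host is an alternative explanation for this child and the writes into it.

```python
"""
Correlate Sysmon-style process telemetry into the findings an analyst wants
from a report like this one: a PowerShell launch that bypasses the execution
policy to run a script from %TEMP%, and memory writes from that PowerShell
into a Windows system binary it spawned, with the WER caveat attached.
Added example: the events are constructed to mirror the report's process
tree; field names and scoring weights are assumptions, not a Sysmon schema.
"""
import re
from collections import defaultdict

# Constructed sample telemetry modelled on the report (not captured data).
EVENTS = [
    {"event": "process_create", "pid": 3028, "ppid": 1000,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Vesperkost.ps1"},
    {"event": "privilege_adjust", "pid": 3028, "privilege": "SeDebugPrivilege"},
    {"event": "process_create", "pid": 2816, "ppid": 3028,
     "image": r"C:\Windows\system32\wermgr.exe",
     "cmdline": r'"C:\Windows\system32\wermgr.exe" "-outproc" "3028" "932"'},
    {"event": "memory_write", "pid": 3028, "target_pid": 2816},
    {"event": "memory_write", "pid": 3028, "target_pid": 2816},
    {"event": "memory_write", "pid": 3028, "target_pid": 2816},
]

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "powershell_ise.exe"}
# System binaries seen both as injection targets and as legitimate helpers.
SYSTEM_TARGETS = {"wermgr.exe", "werfault.exe", "explorer.exe", "svchost.exe"}
# powershell.exe accepts -ep and unambiguous prefixes of -ExecutionPolicy.
EXEC_POLICY_BYPASS = re.compile(r"-(?:ep|ex\w*)\s+bypass", re.I)
TEMP_SCRIPT = re.compile(r"\\AppData\\Local\\Temp\\\S+\.ps1", re.I)


def basename(path):
    return path.rsplit("\\", 1)[-1].strip('"').lower()


def find_script_host_launches(events):
    """Script-host launches that bypass the execution policy or run a .ps1 from Temp."""
    findings = []
    for e in events:
        if e["event"] != "process_create" or basename(e["image"]) not in SCRIPT_HOSTS:
            continue
        bypass = bool(EXEC_POLICY_BYPASS.search(e["cmdline"]))
        temp_script = bool(TEMP_SCRIPT.search(e["cmdline"]))
        if bypass or temp_script:
            findings.append({"pid": e["pid"], "bypass": bypass,
                             "temp_script": temp_script, "cmdline": e["cmdline"]})
    return findings


def looks_like_wer_outproc(child_cmdline, writer_pid):
    """True for wermgr.exe -outproc <pid> <handle> where <pid> is the writer: the
    pattern Windows Error Reporting uses when that process reports a fault, so
    the memory writes alone do not prove injection."""
    tokens = [t.strip('"') for t in child_cmdline.split()]
    if "-outproc" not in tokens:
        return False
    i = tokens.index("-outproc")
    return i + 1 < len(tokens) and tokens[i + 1] == str(writer_pid)


def find_cross_process_writes(events):
    """Memory writes from a script host into a system binary, with context."""
    procs = {e["pid"]: e for e in events if e["event"] == "process_create"}
    privs, counts = defaultdict(set), defaultdict(int)
    for e in events:
        if e["event"] == "privilege_adjust":
            privs[e["pid"]].add(e["privilege"])
        elif e["event"] == "memory_write":
            counts[(e["pid"], e["target_pid"])] += 1
    findings = []
    for (src, dst), n in counts.items():
        s, d = procs.get(src), procs.get(dst)
        if not (s and d):
            continue
        target = basename(d["image"])
        if basename(s["image"]) not in SCRIPT_HOSTS or target not in SYSTEM_TARGETS:
            continue
        findings.append({
            "writer_pid": src, "target_pid": dst, "target": target, "write_count": n,
            "child_of_writer": d["ppid"] == src, "writer_privs": privs[src],
            "wer_outproc": target == "wermgr.exe" and looks_like_wer_outproc(d["cmdline"], src),
        })
    return findings


def triage(events):
    """Score each cross-process write with the writer's launch context (weights are illustrative)."""
    launches = {f["pid"]: f for f in find_script_host_launches(events)}
    results = []
    for w in find_cross_process_writes(events):
        launch = launches.get(w["writer_pid"]) or {}
        score, reasons = 0, []
        for hit, weight, why in (
            (launch.get("bypass"), 2, "writer launched with -ExecutionPolicy bypass"),
            (launch.get("temp_script"), 1, "writer runs a .ps1 from AppData\\Local\\Temp"),
            ("SeDebugPrivilege" in w["writer_privs"], 1, "writer enabled SeDebugPrivilege"),
            (w["child_of_writer"], 1, "target is a child of the writer"),
            (w["wer_outproc"], -1, "target matches WER -outproc helper; rule out a crash of the writer"),
        ):
            if hit:
                score += weight
                reasons.append(why)
        results.append({**w, "score": score, "reasons": reasons,
                        "verdict": "suspicious" if score >= 3 else "review"})
    return results
```

Run `triage(EVENTS)` to get one finding for the 3028 -> 2816 writes scored "suspicious" with the WER caveat listed among its reasons; on real telemetry, feed the same schema from your Sysmon (event IDs 1, 8/10) or EDR export and treat the weights as a starting point for tuning.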
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 1KB
MD5: 840851aadea043a437d4587497346611
SHA1: 5a32c4f38e91b31f66d14ec5aa1c88859d3b1c3a
SHA256: 417c3264e46196ef202a4f887439166a57f13a7033f35ce316d920df640d8733
SHA512: 60742825f459f7c8a4c21b5b4f008cd5dd59c4784ed8281f1f955c27db7048e5f9b1f332e50367403b64481af8ea9dfc7667a18fb9e734604f7e3e4e50b27720