Analysis

  • max time kernel
    14s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    23-10-2024 20:09

General

  • Target

    Fyldiges.ps1

  • Size

    53KB

  • MD5

    dbe1380eb686fc84a3cd87ee84077382

  • SHA1

    66a6b15521a3affc3d9b893554475078f41224a0

  • SHA256

    b05d49191a62ec38497b0ae6378c984ac2013d6fec29b62d94299d88f5d5d279

  • SHA512

    84987e2a263284df3d365caed6b549c93f23ad0982ffa7b8acfd21562c68ad1a2b198a47b2877e6ef4c4d679fe710cefa2df0de37a303a64838ac1b796d9335c

  • SSDEEP

    1536:S5OtREySF0zWeeIsGsnhPqsw7XKIVoR9Fj:S5OtREyxWegnhPq3s9Z

Score
3/10

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Fyldiges.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\system32\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "2072" "912"
      2⤵
        PID:2816

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\OutofProcReport259565434.txt

      Filesize

      1KB

      MD5

      55e4fb3a741b9fdeaa5502d63b79b24c

      SHA1

      f289f7045d4b85c9fe83c61b303c43a7647a5069

      SHA256

      3352667c0ede531f6d6ab77547a974401cc1a8aa8acbbb5efd7a44dc265bdb45

      SHA512

      0e20a0695ffd7219365feef11737dc89f4791784d06347f656df7c0efecb11f382d743e0530e0360f4f9fda34e26b994bf42aa18946e3044bbafdddbb0836f04

    • memory/2072-12-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

      Filesize

      9.6MB

    • memory/2072-13-0x000007FEF5D9E000-0x000007FEF5D9F000-memory.dmp

      Filesize

      4KB

    • memory/2072-7-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

      Filesize

      9.6MB

    • memory/2072-8-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

      Filesize

      9.6MB

    • memory/2072-9-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

      Filesize

      9.6MB

    • memory/2072-10-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

      Filesize

      9.6MB

    • memory/2072-6-0x0000000002310000-0x0000000002318000-memory.dmp

      Filesize

      32KB

    • memory/2072-4-0x000007FEF5D9E000-0x000007FEF5D9F000-memory.dmp

      Filesize

      4KB

    • memory/2072-11-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

      Filesize

      9.6MB

    • memory/2072-14-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

      Filesize

      9.6MB

    • memory/2072-15-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

      Filesize

      9.6MB

    • memory/2072-16-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

      Filesize

      9.6MB

    • memory/2072-5-0x000000001B330000-0x000000001B612000-memory.dmp

      Filesize

      2.9MB

    • memory/2072-19-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

      Filesize

      9.6MB

    • memory/2072-20-0x000007FEF5AE0000-0x000007FEF647D000-memory.dmp

      Filesize

      9.6MB