Analysis
max time kernel: 73s
max time network: 19s
platform: windows7_x64
resource: win7-20241010-en
resource tags: arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
submitted: 24-10-2024 09:54
Static task: static1
Behavioral task behavioral1: Sample REVISED INVOICE.exe; Resource win7-20241010-en
Behavioral task behavioral2: Sample REVISED INVOICE.exe; Resource win10v2004-20241007-en
Behavioral task behavioral3: Sample Hyperclimax.ps1; Resource win7-20241010-en
Behavioral task behavioral4: Sample Hyperclimax.ps1; Resource win10v2004-20241007-en
General
Target: Hyperclimax.ps1
Size: 55KB
MD5: 6ac57b58205d75aee6380c3c6a8ef2a2
SHA1: 466480b2a43b6c6dd95253849acaafcef82ca2b3
SHA256: f79002317d2a561e589e0006dd549d39c71488689ce772b15f84f393926a2786
SHA512: ea0dea24679edb7b4d10a62e23d52bf8102338bea90957f27adc92228a54bb0b49bb710b2ed9a159b48eb5ad1a353fdcefb311a2569a82d1bed17f8f4e7782be
SSDEEP: 1536:uEy/BE4CCwPB+92TmVYkP/23ytqHO0Trmd/jK:g/BEhC2M23ytqU2
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
  pid 2116, process powershell.exe
  pid 2116, process powershell.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description: Token: SeDebugPrivilege; pid 2116; process powershell.exe
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
  description: PID 2116 wrote to memory of 2312; pid 2116; process powershell.exe; target process wermgr.exe
  description: PID 2116 wrote to memory of 2312; pid 2116; process powershell.exe; target process wermgr.exe
  description: PID 2116 wrote to memory of 2312; pid 2116; process powershell.exe; target process wermgr.exe
Processes
1. C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
   command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Hyperclimax.ps1
   - Command and Scripting Interpreter: PowerShell
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of AdjustPrivilegeToken
   - Suspicious use of WriteProcessMemory
   PID: 2116
   2. C:\Windows\system32\wermgr.exe (child of PID 2116)
      command line: "C:\Windows\system32\wermgr.exe" "-outproc" "2116" "912"
      PID: 2312
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 1KB
MD5: c609b7a6fee35d815644526151053f5e
SHA1: c74fd150b672336970cf6e87b1085132ffede5fb
SHA256: f2763765fac7d2d5fb9430e04e12d301fa02f69bd677e056895f24dc54760cd5
SHA512: f1667c660990727d3949e1434ed315ffad82a5a7216650f0a68338715fc30bd57cb5b8783f92d8c094cbc2e98b6e4f0732a0b2cedc707145c04dd7bfbb8c4632