Overview

overview

10

Static

static

3

c9f7cbb4a9...db.exe

windows7-x64

8

c9f7cbb4a9...db.exe

windows10-2004-x64

10

Fiskerettens.ps1

windows7-x64

3

Fiskerettens.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    08-11-2024 12:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Fiskerettens.ps1

  • Size

    52KB

  • MD5

    faf341db23ab218989520cdb488bd287

  • SHA1

    dea8d00a028dbf3db1e4dc43c78f4953146a5512

  • SHA256

    31986b7f9a99a42e3d59c24fa9a3530f7436f99ed3c7651f04debd3f62c44a89

  • SHA512

    99bdfe35735c579102859774c3bd0809858d9628b3691ad4a9955016822139fe96f1921eed5d7dc57350faf6fbb4ba4f820278b04bb22ff88dcfefa2909da79f

  • SSDEEP

    1536:We4ji4ZMCyENUaKEqfmM8PTjcHrhIU8Nmp42:8nR3KhmZLjcHOXYH

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Fiskerettens.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2348
    • C:\Windows\system32\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "2348" "860"
      2⤵
        PID:2196

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\OutofProcReport259447290.txt
      Filesize

      1KB

      MD5

      1f7eb7f4959cee813c003a57e74041f8

      SHA1

      a1151a9fc9dd6783ed7fb58dbfdd3b6cc3f29474

      SHA256

      d40e831fc9d73b9cea935f7d67a7c34128b247c8736ac8e2753313f200db103f

      SHA512

      01c80aa6b43bec690e0ccb37c22826d355a071c4a2fb17a941766600116771a22e17fe0950ea567f3af0229d8cfbae2850360cba2f7b5f0d0cca1f4f02be2464

      Download Submit

    • memory/2348-10-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2348-6-0x0000000001E60000-0x0000000001E68000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2348-7-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2348-8-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2348-9-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2348-4-0x000007FEF5C8E000-0x000007FEF5C8F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2348-11-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2348-12-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2348-13-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2348-5-0x000000001B760000-0x000000001BA42000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2348-16-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2348-17-0x000007FEF59D0000-0x000007FEF636D000-memory.dmp

      Filesize

      9.6MB

      Download