Analysis
max time kernel: 93s
max time network: 134s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13-11-2024 09:39
Static task: static1
Behavioral task: behavioral1
  Sample: WindowsUPD.ps1
  Resource: win7-20241010-en
Behavioral task: behavioral2
  Sample: WindowsUPD.ps1
  Resource: win10v2004-20241007-en
General
Target: WindowsUPD.ps1
Size: 15KB
MD5: 0fd79133bd46b420056204b475719cd5
SHA1: 79e581dee9b2a19943fe79136d58859e4ac5dffa
SHA256: 8287d54c83db03b8adcdf1409f5d1c9abb1693ac8d000b5ae75b3a296cb3061c
SHA512: bfe8b5fba989e9ebcd84c15b0a35ae8e6e1cf882dac4c334e16e58278950bb27ea5fb7b50b84d88bff0382cc94364db9e11e816cc143e12044dfacb0494d3401
SSDEEP: 384:cnjSh4f+dEYIQXHrxQE4EEoM/WoML1QZTWBh0ndH0mu0n+Eu/XoRxoqOTXYSJ8JR:cnjSh4f+dEYBHrxQE4EEoM/WoML1QZTP
Malware Config
Signatures
Blocklisted process makes network request (1 IoC)
  Processes: flow 4, pid 4344, powershell.exe
Adds Run key to start application (2 TTPs, 1 IoC)
  Processes: powershell.exe
  Description: Set value (str)
  IoC: \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\powershell = "Powershell.exe -windowstyle hidden -ExecutionPolicy Bypass -File \"C:\\Users\\Admin\\AppData\\Local\\Temp\\WindowsUPD.ps1\""
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: pid 4344, powershell.exe
  Processes: pid 4344, powershell.exe
Suspicious use of AdjustPrivilegeToken (1 IoC)
  Processes: pid 4344, powershell.exe
  Description: Token: SeDebugPrivilege
Processes
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (PID 4344)
  Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\WindowsUPD.ps1
  - Blocklisted process makes network request
  - Adds Run key to start application
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
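The two IoCs worth turning into a detection are the Run-key value written under HKCU (a hidden-window PowerShell launch with -ExecutionPolicy Bypass on a script in the user's Temp directory) and the original process command line (the same script, also launched with Bypass). The block below is an added example, not part of the sandbox report or the sample: it scores a PowerShell command line for those traits and applies two rules over registry-set and process-creation events. The event records are constructed to mirror the report's IoCs, and their field names (event, pid, image, target, details, command_line) are this example's own simplification of Sysmon event 13/1 fields, not a real log schema.

```python
"""Added example: flag the Run-key persistence pattern seen in the report.
Event records are constructed; field names are an assumed, simplified schema."""
import re

# Run/RunOnce under any hive, in native (\REGISTRY\USER\...) or HKCU\... form.
RUN_KEY_RE = re.compile(r"\\software\\microsoft\\windows\\currentversion\\run(?:once)?\\", re.I)
# powershell/pwsh as the program token, quoted or bare, with or without .exe.
POWERSHELL_RE = re.compile(r"""(?:^|[\\\s"'])(?:powershell|pwsh)(?:\.exe)?(?=[\s"']|$)""", re.I)
# powershell.exe accepts any unique parameter prefix, so -w, -win and -WindowStyle
# all mean the same thing; the same applies to -ex/-ExecutionPolicy and -f/-File.
HIDDEN_RE = re.compile(r"-w[a-z]*\s+hidden\b", re.I)
BYPASS_RE = re.compile(r"-(?:ex[a-z]*|ep)\s+bypass\b", re.I)
FILE_RE = re.compile(r"""-f[a-z]*\s+"?([^"\s]+)""", re.I)
TEMP_RE = re.compile(r"\\(?:appdata\\local\\temp|windows\\temp)\\", re.I)
ENCODED_RE = re.compile(r"-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,}", re.I)


def score_powershell_cmdline(cmd: str) -> list[str]:
    """Return the suspicious traits of a PowerShell command line ([] if not PowerShell)."""
    reasons: list[str] = []
    if not POWERSHELL_RE.search(cmd):
        return reasons
    if HIDDEN_RE.search(cmd):
        reasons.append("hidden window")
    if BYPASS_RE.search(cmd):
        reasons.append("ExecutionPolicy Bypass")
    m = FILE_RE.search(cmd)
    if m and TEMP_RE.search(m.group(1)):
        reasons.append("script under Temp")
    if ENCODED_RE.search(cmd):
        reasons.append("encoded command")
    return reasons


def analyze_events(events: list[dict]) -> list[dict]:
    """Rule 1: any Run-key value whose data launches PowerShell with a suspicious trait.
    Rule 2: any PowerShell process creation showing at least two traits."""
    findings = []
    for ev in events:
        if ev["event"] == "RegistryValueSet" and RUN_KEY_RE.search(ev["target"]):
            reasons = score_powershell_cmdline(ev["details"])
            if reasons:
                findings.append({"rule": "run-key persistence via PowerShell",
                                 "pid": ev["pid"], "target": ev["target"], "reasons": reasons})
        elif ev["event"] == "ProcessCreate":
            reasons = score_powershell_cmdline(ev["command_line"])
            if len(reasons) >= 2:
                findings.append({"rule": "suspicious PowerShell launch",
                                 "pid": ev["pid"], "reasons": reasons})
    return findings


# Constructed events mirroring the report's IoCs (pid 4344), plus one benign Run value.
SAMPLE_EVENTS = [
    {"event": "RegistryValueSet", "pid": 4344, "image": "powershell.exe",
     "target": r"\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\powershell",
     "details": r'Powershell.exe -windowstyle hidden -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\WindowsUPD.ps1"'},
    {"event": "ProcessCreate", "pid": 4344,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": r"powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\WindowsUPD.ps1"},
    {"event": "RegistryValueSet", "pid": 1234, "image": "OneDriveSetup.exe",
     "target": r"\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "details": r'"C:\Users\Admin\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'},
]

if __name__ == "__main__":
    for f in analyze_events(SAMPLE_EVENTS):
        print(f"[{f['rule']}] pid={f['pid']} reasons={', '.join(f['reasons'])}")
```

Rule 1 fires on a single trait because a Run value that launches PowerShell hidden or with Bypass is rarely legitimate, while rule 2 needs two traits to keep ordinary admin invocations (for example -ExecutionPolicy Bypass on a script under Program Files) out of the queue. The prefix-tolerant parameter regexes matter in practice: the same persistence entry written as -w hidden -ep bypass would slip past a rule keyed on the spelled-out parameter names.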
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 60B
MD5: d17fe0a3f47be24a6453e9ef58c94641
SHA1: 6ab83620379fc69f80c0242105ddffd7d98d5d9d
SHA256: 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
SHA512: 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82