Overview

overview

10

Static

static

3

2.exe

windows7-x64

8

2.exe

windows10-2004-x64

10

Chromonemal.ps1

windows7-x64

3

Chromonemal.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    15-11-2024 11:44

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Chromonemal.ps1

  • Size

    53KB

  • MD5

    65171ebd8fd8c699770edee943ff09f1

  • SHA1

    dc17dd3e384f06c03015b136cc068c2973673981

  • SHA256

    73a4a59e35863571281154449961ab2a81ff47c3baa341d7de100287a0043274

  • SHA512

    f0f1c8a7dfa94feb7fc7e170ad4abfde9a4bc7d7af1a5c4cd763ca93484256a6a37fd5fb515345987af8daaedd812cfb3e0f5944ccdb0ee4983a0a71da53a144

  • SSDEEP

    1536:02be3lIq1gxBdV5jNQpNwrZHHoVmbclOHoEah/B66z:0OEj1EV5oYdIV2cXhwk

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Chromonemal.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2200
    • C:\Windows\system32\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "2200" "908"
      2⤵
        PID:2220

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\OutofProcReport259461065.txt
      Filesize

      1KB

      MD5

      5cdf54b73c18eae51d280e555b8a146d

      SHA1

      f2c432c0ce4f68b2501547d529cdcda4cb76d8d1

      SHA256

      c779d9b52cae4e629f15893a1508d576b8bab2f1641093ac47d6f44dc759dff2

      SHA512

      a5a5c47d3cbe0bc44c816c4f8415bc648db8aa5df134451f67e9d8d61419ba874bc3998b07b13d9196f1e7565a7a26f81a4ece8498fe8e424798d7bc9b3ff828

      Download Submit

    • memory/2200-13-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2200-6-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2200-12-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2200-15-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2200-9-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2200-10-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2200-11-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2200-4-0x000007FEF60DE000-0x000007FEF60DF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2200-23-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2200-7-0x00000000025F0000-0x00000000025F8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2200-8-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2200-16-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2200-18-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2200-17-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2200-19-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2200-5-0x000000001B340000-0x000000001B622000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2200-22-0x000007FEF5E20000-0x000007FEF67BD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2200-14-0x000007FEF60DE000-0x000007FEF60DF000-memory.dmp

      Filesize

      4KB

      Download