a7c09acf7b13529dfc8b94e354d04d3f2d6cc56ab1524a8f2c179a851b00b263

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 07:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a7c09acf7b13529dfc8b94e354d04d3f2d6cc56ab1524a8f2c179a851b00b263.ps1
Size

21KB
MD5

425aa89a6b0f82dcf7aab69d36b1149f
SHA1

c003951ca1b83114725d855b2c45cce4852e6ce2
SHA256

a7c09acf7b13529dfc8b94e354d04d3f2d6cc56ab1524a8f2c179a851b00b263
SHA512

5d0016958af3279e61dfd9a5d34e182ee46cd1b8ae7b5246b13762cf06607c9b55511b6a501bc28edd51dbe31f877e0b3e3dee6d28df43e9f965e729102ec542
SSDEEP

384:UXCRAoJMWkNWbOVMnP0s7Ak5mFmyXg181HHi4s4PEctcv82ThC0tSpLsj7mjT:UXCRAKMWkcP0gxQ8e6mHY4cctck2TU0A

Score

3^/10

execution

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
execution

PowerShell
T1059.001

Processes:

powershell.exe

pid process

2080 powershell.exe
Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid process

2080 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 2080 powershell.exe

pid	process
2080	powershell.exe

pid	process
2080	powershell.exe

description	pid	process
Token: SeDebugPrivilege	2080	powershell.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\a7c09acf7b13529dfc8b94e354d04d3f2d6cc56ab1524a8f2c179a851b00b263.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2080-4-0x000007FEF62EE000-0x000007FEF62EF000-memory.dmp

Filesize
4KB

Download
memory/2080-5-0x000000001B700000-0x000000001B9E2000-memory.dmp

Filesize
2.9MB

Download
memory/2080-6-0x0000000001DE0000-0x0000000001DE8000-memory.dmp

Filesize
32KB

Download
memory/2080-7-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

Filesize
9.6MB

Download
memory/2080-8-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

Filesize
9.6MB

Download
memory/2080-9-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

Filesize
9.6MB

Download
memory/2080-10-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

Filesize
9.6MB

Download
memory/2080-11-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

Filesize
9.6MB

Download
memory/2080-12-0x000007FEF6030000-0x000007FEF69CD000-memory.dmp

Filesize
9.6MB

Download