Overview

overview

3

Static

static

1

Add_Take_O...nu.ps1

windows7-x64

3

Add_Take_O...nu.ps1

windows10-2004-x64

3

Analysis

  • max time kernel
    1151s
  • max time network
    1157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-11-2024 10:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Add_Take_Ownership_with_Pause_to_context_menu.ps1

  • Size

    4KB

  • MD5

    cc92113fc2f6896b1c9d6c3f9b8b6d54

  • SHA1

    a344a23dca1e8db605230049a016dbf252d9b744

  • SHA256

    2a297794be590d5a50d980811b8e538da50c79abc969b4e809ebcf915deda574

  • SHA512

    72b2fe016745710066b7b11eb0decc23c177bcce03f984d9a37dd86c408d08a97109504b16c4b2857f835f9468da77f18efb3886d4a3dac6921af3432065418e

  • SSDEEP

    96:Na9/8Hqx8HqYVqJ0H4WT80H4WTuVqBPgoPg+:C/WCWVVqJ+++gVqh

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Add_Take_Ownership_with_Pause_to_context_menu.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3876

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_iedqlr5p.upy.ps1
    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

    Download Submit

  • memory/3876-0-0x00007FFD6EFA3000-0x00007FFD6EFA5000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3876-1-0x000002281D650000-0x000002281D672000-memory.dmp

    Filesize

    136KB

    Download

  • memory/3876-11-0x00007FFD6EFA0000-0x00007FFD6FA61000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3876-12-0x00007FFD6EFA0000-0x00007FFD6FA61000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3876-13-0x00007FFD6EFA0000-0x00007FFD6FA61000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3876-16-0x00007FFD6EFA0000-0x00007FFD6FA61000-memory.dmp

    Filesize

    10.8MB

    Download