Analysis
-
max time kernel
366s -
max time network
380s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
-
submitted
21-11-2024 12:26
General
-
Target
Hemingway Editor 3.0.6/App/AppInfo/Launcher/Custom.ps1
-
Size
8KB
-
MD5
fe2e52aa1bce27f09d0036481541fe83
-
SHA1
198ab02c8014fffc3343494a25f286a9253ee737
-
SHA256
54bbcbcf53f2124e8d3c3c50b87de5f406b695f21d79f065373ff35bf9b3ff5b
-
SHA512
5d6454e94b1742d823baff584fea1c9106fa19359c1804fd9a2d4e2efb1adf03515ecd3790646d32303ead69ba2a542a1236b09c49be19c0659d98cd7e86af4b
-
SSDEEP
192:WQuZpPDcyxkYLtrOEuo+a7RdVRusuFV5ut:l8PDcyxao+4nRutFV5ut
Score
3/10
Malware Config
Signatures
-
Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs
Using powershell.exe command.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 5 IoCs
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File "C:\Users\Admin\AppData\Local\Temp\Hemingway Editor 3.0.6\App\AppInfo\Launcher\Custom.ps1"1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5c41⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4KB
-
Filesize
2.9MB
-
Filesize
9.6MB
-
Filesize
32KB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB
-
Filesize
9.6MB