Overview

overview

10

Static

static

10

beks.exe

windows7-x64

3

beks.exe

windows10-2004-x64

3

cr.dll

windows7-x64

3

cr.dll

windows10-2004-x64

3

psiniziale.ps1

windows7-x64

3

psiniziale.ps1

windows10-2004-x64

8

zukaz.ps1

windows7-x64

3

zukaz.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    14s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    21-11-2024 16:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    psiniziale.ps1

  • Size

    498B

  • MD5

    c26768a5961c38415ae0d4100ed280ed

  • SHA1

    ad96a0593e494ddf98feb3094521f858ae53abb0

  • SHA256

    a2934d3110084fbb9656ba92a0a94f5508b5000e8461f3135e60c1e7c7e94caa

  • SHA512

    754286947111fe52bf512da0c97ec790d6e75979ffead2dc0fbcdcbe23e39d371f8fbaeed592588166542bece9fbaf5eb42909b8e72ddf76f1ce13ca73f6b0e2

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\psiniziale.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3040

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3040-4-0x000007FEF61FE000-0x000007FEF61FF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3040-5-0x000000001B420000-0x000000001B702000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/3040-6-0x0000000002460000-0x0000000002468000-memory.dmp

    Filesize

    32KB

    Download

  • memory/3040-7-0x000007FEF5F40000-0x000007FEF68DD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3040-8-0x000007FEF5F40000-0x000007FEF68DD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3040-9-0x000007FEF5F40000-0x000007FEF68DD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/3040-10-0x000007FEF5F40000-0x000007FEF68DD000-memory.dmp

    Filesize

    9.6MB

    Download