Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system -
submitted
22-11-2024 05:22
Static task
static1
Behavioral task
behavioral1
Sample
protocol.ps1
Resource
win7-20240903-en
windows7-x64
4 signatures
150 seconds
General
-
Target
protocol.ps1
-
Size
638B
-
MD5
438bdde142d374368c77b97a7a1561c6
-
SHA1
de1663c0d3760ed9c012610a85e58d21d2af90ca
-
SHA256
47b71556865351eaf445aaba6a0c6fd53322d8294ea2da5be78d184ce746ff3f
-
SHA512
86663e3284b95dd235417fee177bbc9e519abd05ae7cc03eab34b814e34a82fb8cb30939ba4bfa357ea70644a9504248514d951736d6de591668d6136dac9fba
Score
8/10
Malware Config
Signatures
-
Blocklisted process makes network request 1 IoCs
flow pid Process 5 2300 powershell.exe -
pid Process 2300 powershell.exe -
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid Process 2300 powershell.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2300 powershell.exe
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\protocol.ps11⤵
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2300