Analysis
- max time kernel: 118s
- max time network: 124s
- platform: windows7_x64
- resource: win7-20240903-en
- resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- submitted: 01-12-2024 16:06
Static task: static1
Behavioral task: behavioral1
- Sample: 125b4582b7dd2221044fb257f580da57e4dc61b03a6c35e208fed973f71c28a1.exe
- Resource: win7-20240903-en
Behavioral task: behavioral2
- Sample: 125b4582b7dd2221044fb257f580da57e4dc61b03a6c35e208fed973f71c28a1.exe
- Resource: win10v2004-20241007-en
Behavioral task: behavioral3
- Sample: Paraffinerer.ps1
- Resource: win7-20240903-en
Behavioral task: behavioral4
- Sample: Paraffinerer.ps1
- Resource: win10v2004-20241007-en
General
- Target: Paraffinerer.ps1
- Size: 53KB
- MD5: 6f2c225ff02a35f64c6157286f9e90b1
- SHA1: fdfb286088fd3cb3c3fa39f39e2e7ba48b3c6624
- SHA256: 0f4caa809a6b9ad70a305958af34e60b82f3080bbb7067f316ca85702ffba443
- SHA512: c5fb4eafb4c29b774648bcec26736ad0808815d10618c95b723de9296240e6f9cbc35e90cc4439266f013810f16dde0f44a840fa928d8be2a8562cc5ac8d2eb5
- SSDEEP: 1536:qBW8/PWnOQz17PFJoL9Wt34bzGFC3fm5Xa5Z9YwsklLt7:qj/PWnOa7NG9034fGQ3fmFTI7
Malware Config
Signatures
- Command and Scripting Interpreter: PowerShell 1 IoCs
  pid 2696, Process powershell.exe
- Suspicious behavior: EnumeratesProcesses 2 IoCs
  pid 2696, Process powershell.exe
  pid 2696, Process powershell.exe
- Suspicious use of AdjustPrivilegeToken 1 IoCs
  description Token: SeDebugPrivilege, pid 2696, Process powershell.exe
- Suspicious use of WriteProcessMemory 3 IoCs
  description PID 2696 wrote to memory of 2276, pid 2696, Process powershell.exe, procid_target 31
  description PID 2696 wrote to memory of 2276, pid 2696, Process powershell.exe, procid_target 31
  description PID 2696 wrote to memory of 2276, pid 2696, Process powershell.exe, procid_target 31
Processes
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Paraffinerer.ps1
  PID: 2696
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - C:\Windows\system32\wermgr.exe
    "C:\Windows\system32\wermgr.exe" "-outproc" "2696" "856"
    PID: 2276
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
  MD5: 9b77f7d5146f949ceba2087f4131c4f1
  SHA1: 53a9fe069ccb55b094669b30058b2540a29f17b3
  SHA256: db80ce6a609fffe0dfb24df17238a921d10393a410025750acfd00f3e39c99b5
  SHA512: 2155a2bb3adaa76ece9b71d303fc7b44b07589530854bbba2dd65f95cefc1b781064c9ed0c7d6adf9abff5ccd5b158d0bbeee23ae7130136b6688b6465f39e19