Overview

overview

10

Static

static

3

INTECHRFQEN241813.exe

windows7-x64

4

INTECHRFQEN241813.exe

windows10-2004-x64

10

bodaciously.com

windows7-x64

bodaciously.com

windows10-2004-x64

radials.ps1

windows7-x64

3

radials.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    16s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    02-12-2024 14:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    radials.ps1

  • Size

    52KB

  • MD5

    48bfb2d69f3a797169c8b44b71e7bb6a

  • SHA1

    2a3e1bb359707f2ad6325b2f8520e95945ebc6fe

  • SHA256

    95da5b6aa5c574eda69ebc3c020ad6163faa508e9bb37dd42f9b4290adc61ef0

  • SHA512

    688344cc79016b6678acae2a4302b945f81cf5f9abc81b9c783b2d94381d11d4c3b8d2d066452be8ea21c8312cdd3ef59d4a41d0f95496a072a071c8dadbaf1d

  • SSDEEP

    1536:ZazzEOZZXf8+7oAvmHg2lpTccbx978aGaDm/:Az4gZvp7u7pfbf7IX/

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\radials.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1656
    • C:\Windows\system32\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "1656" "852"
      2⤵
        PID:2872

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\OutofProcReport259506101.txt
      Filesize

      1KB

      MD5

      bead1b6b54dacf518b560530bffca86a

      SHA1

      c8a5733436040c80ef9614fe2370d1f7e0b5accf

      SHA256

      b5cd688d6ee6bdfb9f9140459139f26fff39771e6c9ab6c9228358240b24662a

      SHA512

      2b4a64bcc753262822279b660155ef035817633c0f7960de8ab65bd6289e148e26c7920a7366a9babe7f8e50095d81550040acec89b6c46cdb36f73e53e04243

      Download Submit

    • memory/1656-10-0x000007FEF6410000-0x000007FEF6DAD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1656-6-0x0000000001EF0000-0x0000000001EF8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1656-7-0x000007FEF6410000-0x000007FEF6DAD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1656-8-0x000007FEF6410000-0x000007FEF6DAD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1656-9-0x000007FEF6410000-0x000007FEF6DAD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1656-4-0x000007FEF66CE000-0x000007FEF66CF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-11-0x000007FEF6410000-0x000007FEF6DAD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1656-12-0x000007FEF6410000-0x000007FEF6DAD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1656-13-0x000007FEF6410000-0x000007FEF6DAD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1656-14-0x000007FEF66CE000-0x000007FEF66CF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1656-5-0x000000001B690000-0x000000001B972000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/1656-17-0x000007FEF6410000-0x000007FEF6DAD000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1656-18-0x000007FEF6410000-0x000007FEF6DAD000-memory.dmp

      Filesize

      9.6MB

      Download