ae7811c08d45da31fecb2a31c6491459765667f12bc187abaf40db75755e4b1a | Triage

Resubmissions

02-01-2025 15:41

250102-s4q41awrh1 8

02-01-2025 15:38

250102-s248vazkgq 10

Sharing

General

Target

malicious_script_1.ps1
Size

2KB
Sample

250102-s4q41awrh1
MD5

a19cff86bcb8ba356ca034582a53f870
SHA1

d9a1cf4e9125ab420ebb614f67cb81c6efed1afb
SHA256

ae7811c08d45da31fecb2a31c6491459765667f12bc187abaf40db75755e4b1a
SHA512

4c5e9fb74d890d1b69f1ebc2fc5daae20229f69bee3f4a1e26b8f9465812f39555de5e15dcbda7b1fc3a6c6042dca05d57b4591cd2f545935d8d5e4a75d4e9a6

Score

8^/10

discovery execution

Malware Config

Targets

- Target
  
  malicious_script_1.ps1
- Size
  
  2KB
- MD5
  
  a19cff86bcb8ba356ca034582a53f870
- SHA1
  
  d9a1cf4e9125ab420ebb614f67cb81c6efed1afb
- SHA256
  
  ae7811c08d45da31fecb2a31c6491459765667f12bc187abaf40db75755e4b1a
- SHA512
  
  4c5e9fb74d890d1b69f1ebc2fc5daae20229f69bee3f4a1e26b8f9465812f39555de5e15dcbda7b1fc3a6c6042dca05d57b4591cd2f545935d8d5e4a75d4e9a6
Score

8^/10

discovery execution
- Blocklisted process makes network request
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Downloads MZ/PE file
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoveryexecution