Overview

overview

10

Static

static

1

2fae0d8ced...a9.exe

windows7-x64

8

2fae0d8ced...a9.exe

windows10-2004-x64

10

Bredsvaerd.ps1

windows7-x64

3

Bredsvaerd.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    10-01-2025 14:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bredsvaerd.ps1

  • Size

    53KB

  • MD5

    c556c0c8c2ec04a75e7c7c3a2f97129f

  • SHA1

    bd35a6371a4550ce15dd53928da6cc7b4ad008c1

  • SHA256

    a45adf7a90cba3399fa70a4730d308b1fce47367c81a7f379f3b45d5eb2f4475

  • SHA512

    b19b59a22651fd889f04ec40a625aef213dba51ea0a8ec2ba24f40f87589ed013ffdb4432d0dd3cc90287e9a73cba52114849542617c376ce5fcfc5cedfec8ec

  • SSDEEP

    768:tjSc3aZguzsPXToIx+pUOugyGKxggqY/L078BxQE+++FoMoNGmxLenLYuI9jzgAd:xj3aZXwXT+OhByvcjNGmdeL+yAQI6+

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Bredsvaerd.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\Windows\system32\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "2760" "904"
      2⤵
        PID:2872

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\OutofProcReport259416058.txt
      Filesize

      1KB

      MD5

      47176c472a9fc0918b2e2cf9271e7ce6

      SHA1

      d2a2985143c45f86ef3a5aa5d8a42e18eff1e0d7

      SHA256

      2d9647c9c302f63fa2adebf2b6df8b3941b9ba863640d5f47a9f41af93489b1b

      SHA512

      a0dac5d9c8492348aced736f5ae5a39278afb9860d60799774fd334a1c08fba3b126e5240ab65976e53bed567b9ecd8ec2ead4240834edcae63addd40cb82626

      Download Submit

    • memory/2760-10-0x000007FEF67D0000-0x000007FEF716D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2760-6-0x0000000001D20000-0x0000000001D28000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2760-7-0x000007FEF67D0000-0x000007FEF716D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2760-8-0x000007FEF67D0000-0x000007FEF716D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2760-9-0x000007FEF67D0000-0x000007FEF716D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2760-4-0x000007FEF6A8E000-0x000007FEF6A8F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2760-11-0x000007FEF67D0000-0x000007FEF716D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2760-12-0x000007FEF67D0000-0x000007FEF716D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2760-13-0x000007FEF67D0000-0x000007FEF716D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2760-16-0x000007FEF67D0000-0x000007FEF716D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2760-5-0x000000001B6D0000-0x000000001B9B2000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2760-17-0x000007FEF67D0000-0x000007FEF716D000-memory.dmp

      Filesize

      9.6MB

      Download