Overview

overview

10

Static

static

1

be0fbc1afb...50.exe

windows7-x64

8

be0fbc1afb...50.exe

windows10-2004-x64

10

Resultatop...de.ps1

windows7-x64

3

Resultatop...de.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    10/01/2025, 14:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Resultatopgrelses186/Sidelbende.ps1

  • Size

    55KB

  • MD5

    57c63a0ab9d88e2b534816f9a1f1dc63

  • SHA1

    a0baa5d70fa61fbbb4c41f76b67a71c5356dbc06

  • SHA256

    501abd115bc94a28b8eda5115ada6c9898f2142ba2d4d751d8e34ed50c59a21c

  • SHA512

    97e311a42c02e6aee32d0d07f5a5fe0781e0dcf5aa71ac6420094134c1d6e2831d76e57a15cd26b9e5032813cadd338101542ddeba74bd991a0f35e378a886be

  • SSDEEP

    1536:oVjo8ExmifsJ7BLrqJQjBKeJXIusH7QDSXzNzFlSQe:EurfszLRjkoY9H7ySXwQe

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Resultatopgrelses186\Sidelbende.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1748
    • C:\Windows\system32\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "1748" "860"
      2⤵
        PID:2304

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\OutofProcReport259428682.txt
      Filesize

      1KB

      MD5

      b12a9ee34b8329795bced06d7754dac5

      SHA1

      c79b6a66e9bf1ab7338851214e7347f6d7524a86

      SHA256

      9079fecee3ea3a80512b121a353b39bd1cc46b92dc5753aeb163f20f0d499666

      SHA512

      94ceca03d700d1af9a31232f5dee2d857786342eda1918b74c1e268238262fe7107db72219dc320f37bb67ebdd51071628aacee49e8d1c2b19c48cf11f8b1e52

      Download Submit

    • memory/1748-4-0x000007FEF572E000-0x000007FEF572F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/1748-5-0x000000001B760000-0x000000001BA42000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/1748-6-0x0000000001D20000-0x0000000001D28000-memory.dmp

      Filesize

      32KB

      Download

    • memory/1748-7-0x000007FEF5470000-0x000007FEF5E0D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1748-8-0x000007FEF5470000-0x000007FEF5E0D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1748-9-0x000007FEF5470000-0x000007FEF5E0D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1748-11-0x000007FEF5470000-0x000007FEF5E0D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1748-10-0x000007FEF5470000-0x000007FEF5E0D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1748-12-0x000007FEF5470000-0x000007FEF5E0D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1748-15-0x000007FEF5470000-0x000007FEF5E0D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/1748-16-0x000007FEF5470000-0x000007FEF5E0D000-memory.dmp

      Filesize

      9.6MB

      Download