Overview

overview

10

Static

static

1

2fae0d8ced...a9.exe

windows7-x64

8

2fae0d8ced...a9.exe

windows10-2004-x64

10

Bredsvaerd.ps1

windows7-x64

3

Bredsvaerd.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    11-01-2025 02:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Bredsvaerd.ps1

  • Size

    53KB

  • MD5

    c556c0c8c2ec04a75e7c7c3a2f97129f

  • SHA1

    bd35a6371a4550ce15dd53928da6cc7b4ad008c1

  • SHA256

    a45adf7a90cba3399fa70a4730d308b1fce47367c81a7f379f3b45d5eb2f4475

  • SHA512

    b19b59a22651fd889f04ec40a625aef213dba51ea0a8ec2ba24f40f87589ed013ffdb4432d0dd3cc90287e9a73cba52114849542617c376ce5fcfc5cedfec8ec

  • SSDEEP

    768:tjSc3aZguzsPXToIx+pUOugyGKxggqY/L078BxQE+++FoMoNGmxLenLYuI9jzgAd:xj3aZXwXT+OhByvcjNGmdeL+yAQI6+

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Bredsvaerd.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2300
    • C:\Windows\system32\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "2300" "856"
      2⤵
        PID:2560

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\OutofProcReport259447840.txt
      Filesize

      1KB

      MD5

      f33a7d2d6a168e711b129b8c87fa9aa1

      SHA1

      ebd00b7b7703ae97acf71cf328678c6b76e8ffb5

      SHA256

      932abdeb5fd1a3a5658e74e99ce54514e908c4a22468677b85f07b862608c7b3

      SHA512

      99657f833eea3227d5e2db5f828989402b81013f43c10d5b5ab2519f627b4c14e608cd9e2667814d0f6205917e48a32f3fbca3429cfad7f021829c231672c415

      Download Submit

    • memory/2300-4-0x000007FEF55BE000-0x000007FEF55BF000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2300-5-0x000000001B730000-0x000000001BA12000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2300-7-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2300-6-0x0000000001FF0000-0x0000000001FF8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2300-8-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2300-9-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2300-10-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2300-11-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2300-12-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2300-15-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2300-16-0x000007FEF5300000-0x000007FEF5C9D000-memory.dmp

      Filesize

      9.6MB

      Download