Overview

overview

10

Static

static

1

be0fbc1afb...50.exe

windows7-x64

8

be0fbc1afb...50.exe

windows10-2004-x64

10

Resultatop...de.ps1

windows7-x64

3

Resultatop...de.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    119s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    11-01-2025 04:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Resultatopgrelses186/Sidelbende.ps1

  • Size

    55KB

  • MD5

    57c63a0ab9d88e2b534816f9a1f1dc63

  • SHA1

    a0baa5d70fa61fbbb4c41f76b67a71c5356dbc06

  • SHA256

    501abd115bc94a28b8eda5115ada6c9898f2142ba2d4d751d8e34ed50c59a21c

  • SHA512

    97e311a42c02e6aee32d0d07f5a5fe0781e0dcf5aa71ac6420094134c1d6e2831d76e57a15cd26b9e5032813cadd338101542ddeba74bd991a0f35e378a886be

  • SSDEEP

    1536:oVjo8ExmifsJ7BLrqJQjBKeJXIusH7QDSXzNzFlSQe:EurfszLRjkoY9H7ySXwQe

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Resultatopgrelses186\Sidelbende.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2620
    • C:\Windows\system32\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "2620" "860"
      2⤵
        PID:1740

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\OutofProcReport259445502.txt
      Filesize

      1KB

      MD5

      385be4e3fc2184ff65874f161f817da8

      SHA1

      89f02840685201253df4547d19747f2711295eba

      SHA256

      aa8ac9a52613d190852393217715d1b85fb8d97fbf58ebf4ccdfe207681e2b2c

      SHA512

      b3ac4359542f5c88e4478a9f505ed102d7f87eb33594e453deffac2ba42727bd4c6e1c51f7e16e6441df15626113101c4214f2cb770eb675cb4cc579b8f48a7b

      Download Submit

    • memory/2620-11-0x000007FEF5970000-0x000007FEF630D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2620-6-0x0000000001F00000-0x0000000001F08000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2620-7-0x000007FEF5970000-0x000007FEF630D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2620-9-0x000007FEF5970000-0x000007FEF630D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2620-8-0x000007FEF5970000-0x000007FEF630D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2620-4-0x000007FEF5C2E000-0x000007FEF5C2F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2620-10-0x000007FEF5970000-0x000007FEF630D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2620-13-0x000007FEF5970000-0x000007FEF630D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2620-12-0x000007FEF5970000-0x000007FEF630D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2620-5-0x000000001B610000-0x000000001B8F2000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2620-16-0x000007FEF5970000-0x000007FEF630D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2620-17-0x000007FEF5970000-0x000007FEF630D000-memory.dmp

      Filesize

      9.6MB

      Download