Analysis
max time kernel: 73s
max time network: 66s
platform: windows10-2004_x64
resource: win10v2004-20241007-en
resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27/01/2025, 20:52
Static task: static1
Behavioral task: behavioral1
  Sample: PowerVerse.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: PowerVerse.exe
  Resource: win10v2004-20241007-en
General
Target: PowerVerse.exe
Size: 28KB
MD5: 49b731e84a38056294fd0e483fc99b85
SHA1: b2c94378d4416a505eb88f5174a8dc01a7ffc548
SHA256: eda36519020d4c8bd126a8186aefc15afb84b08a709aee69a95c2753641ca646
SHA512: ca036dc10e0dd23b941fcc4efc1a27053f051697a889b1429e4c476ea990ab29dc6ba4bb317c822a0273459aca63092a8bfbc9d3f97b6de44175d096e7066dc0
SSDEEP: 768:bEH4HId1sPYRquXM41v1UbpCPrUgm3HtJ:bEH4FPnGIMPgX3P
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (3 IoCs)
  pid   Process
  3084  PowerVerse.exe
  2184  PowerVerse.exe
  2184  PowerVerse.exe
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  description              pid   Process
  Token: SeDebugPrivilege  3084  PowerVerse.exe
  Token: SeDebugPrivilege  2184  PowerVerse.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\PowerVerse.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\PowerVerse.exe"
  PID: 3084
  Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\svchost.exe
  Command line: C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
  PID: 2368
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 1292
- C:\Users\Admin\AppData\Local\Temp\PowerVerse.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\PowerVerse.exe"
  PID: 2184
  Signatures: Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken
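The "Suspicious use of AdjustPrivilegeToken" signature above fires because both PowerVerse.exe instances, running from the user's %TEMP% directory, enabled SeDebugPrivilege on their own token. On a monitored host the same behavior lands in Windows Security event 4703 ("A token right was adjusted", Detailed Tracking > Audit Token Right Adjusted), which is far too noisy to alert on by itself because service processes adjust privileges constantly. The following is an added triage example, not part of the sandbox report: it parses constructed 4703-style records (the PIDs, image paths and account name are taken from the report; the flattened "Field=Value" rendering and the comma-separated privilege list are assumptions about how a log shipper might emit the EventData) and keeps only high-risk privileges enabled by an image under a user-writable path.

```python
"""Triage 4703 (token right adjusted) records for the pattern the report
shows: a binary under a user-writable directory enabling SeDebugPrivilege.

Added example; the sample records are constructed, not captured. The
"Field=Value" layout and comma-separated EnabledPrivilegeList are assumed
shipper output, not the native event XML.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed records. PIDs are the report's (3084=0xc0c, 2184=0x888,
# 2368=0x940, 1292=0x50c); event text is assumed.
SAMPLE_EVENTS = [
    "EventID=4703 SubjectUserName=Admin ProcessId=0xc0c "
    "ProcessName=C:\\Users\\Admin\\AppData\\Local\\Temp\\PowerVerse.exe "
    "EnabledPrivilegeList=SeDebugPrivilege DisabledPrivilegeList=-",
    "EventID=4703 SubjectUserName=Admin ProcessId=0x888 "
    "ProcessName=C:\\Users\\Admin\\AppData\\Local\\Temp\\PowerVerse.exe "
    "EnabledPrivilegeList=SeDebugPrivilege DisabledPrivilegeList=-",
    # Benign noise: a service host enabling the same privilege from System32.
    "EventID=4703 SubjectUserName=SYSTEM ProcessId=0x940 "
    "ProcessName=C:\\Windows\\system32\\svchost.exe "
    "EnabledPrivilegeList=SeDebugPrivilege DisabledPrivilegeList=-",
    # Benign noise: a low-value privilege from a trusted path.
    "EventID=4703 SubjectUserName=Admin ProcessId=0x50c "
    "ProcessName=C:\\Windows\\System32\\rundll32.exe "
    "EnabledPrivilegeList=SeChangeNotifyPrivilege DisabledPrivilegeList=-",
]

# Privileges whose enablement by an arbitrary user binary deserves a look.
HIGH_RISK_PRIVS = frozenset({
    "SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege",
    "SeBackupPrivilege", "SeRestorePrivilege", "SeTakeOwnershipPrivilege",
})

# Directories an unprivileged user can write to; extend for your estate.
USER_WRITABLE = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\(appdata\\local\\temp|downloads)"
    r"|windows\\temp|users\\public|programdata)\\",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class PrivAdjust:
    pid: int
    image: str
    user: str
    enabled: frozenset[str]


def parse_4703(line: str) -> PrivAdjust | None:
    """Return a PrivAdjust for a 4703 record, or None for any other event."""
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    if fields.get("EventID") != "4703":
        return None
    enabled = fields.get("EnabledPrivilegeList", "-")
    return PrivAdjust(
        pid=int(fields["ProcessId"], 16),       # 4703 reports the PID in hex
        image=fields["ProcessName"],
        user=fields["SubjectUserName"],
        enabled=frozenset() if enabled == "-" else frozenset(enabled.split(",")),
    )


def is_suspicious(ev: PrivAdjust) -> bool:
    """The report's signature tightened with the image path: a high-risk
    privilege enabled by a binary living in a user-writable directory."""
    return bool(ev.enabled & HIGH_RISK_PRIVS) and USER_WRITABLE.search(ev.image) is not None


def triage(lines: list[str]) -> list[PrivAdjust]:
    """Filter a batch of event lines down to the records worth escalating."""
    hits = []
    for line in lines:
        ev = parse_4703(line)
        if ev is not None and is_suspicious(ev):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(f"pid {hit.pid} {hit.image} ({hit.user}) enabled "
              + ", ".join(sorted(hit.enabled & HIGH_RISK_PRIVS)))
```

Run against the constructed batch, only the two PowerVerse.exe records (PIDs 3084 and 2184) survive; svchost.exe enabling the same privilege from System32 is dropped by the path filter, which is the part that makes 4703 usable at all. To turn this into a detection rather than a triage script, pair it with the other signature in the report: process-handle enumeration shows up as Sysmon event 10 (ProcessAccess) with the same source image, and the two together from a %TEMP% binary is a much stronger signal than either alone.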
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 3KB
  MD5: 5c397610518696e193bf8c89174e5740
  SHA1: 1ca5d4600d1fd944b312be37d6844aa749212109
  SHA256: e5fcf8ac446cebe079a3464909224e66687bcf75a0511abb45924faebaf7c668
  SHA512: e793a4e4e7084304649d75cadaa49c5a63b0e1948bc4ffab869304db60573a445bab751b7ac6ac49c7919bffc7ba8b8fec2309757ca72776ef07c71cfa1f7eae
- Filesize: 60B
  MD5: d17fe0a3f47be24a6453e9ef58c94641
  SHA1: 6ab83620379fc69f80c0242105ddffd7d98d5d9d
  SHA256: 96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7
  SHA512: 5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82