Overview

overview

10

Static

static

1

dcc0acdc51...54.ps1

windows7-x64

3

dcc0acdc51...54.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    121s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    29/01/2025, 03:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dcc0acdc514d4c96de42b032a952d6e5308e0ce8f122b22b7da715ef3b213854.ps1

  • Size

    463KB

  • MD5

    c4f61fb22b14c5c83ccb6ca08743eb70

  • SHA1

    1636e997a6c0b98414569137de0f918c881b90c6

  • SHA256

    dcc0acdc514d4c96de42b032a952d6e5308e0ce8f122b22b7da715ef3b213854

  • SHA512

    9219908f9239852cee93dc3ed50aafb2251ec85c8c453ad950a3361628362379638eebc06b85cb27c9b8a5d27dbda6e53f4b2ff625b44880fb83ca4dd6dc3fd4

  • SSDEEP

    6144:jMcB4ABE+NPVFL2bUCUrNlKomLJVlCssptqzx:jLE+NPVFL2bUCUrNlKomLJVlCzsx

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\dcc0acdc514d4c96de42b032a952d6e5308e0ce8f122b22b7da715ef3b213854.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2856

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2856-4-0x000007FEF651E000-0x000007FEF651F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2856-5-0x000000001B340000-0x000000001B622000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2856-7-0x0000000002410000-0x0000000002418000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2856-6-0x000007FEF6260000-0x000007FEF6BFD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2856-8-0x000007FEF6260000-0x000007FEF6BFD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2856-9-0x000007FEF6260000-0x000007FEF6BFD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2856-10-0x000007FEF6260000-0x000007FEF6BFD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2856-11-0x000007FEF6260000-0x000007FEF6BFD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2856-16-0x000007FEF651E000-0x000007FEF651F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2856-17-0x000007FEF6260000-0x000007FEF6BFD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2856-18-0x000007FEF6260000-0x000007FEF6BFD000-memory.dmp

    Filesize

    9.6MB

    Download