Overview

overview

10

Static

static

1

ca9af3c471...3d.ps1

windows7-x64

3

ca9af3c471...3d.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    122s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    29/01/2025, 03:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ca9af3c4717ffe322f5e2f02fc8745f5744f5e8397a87212246099b4c3e2a53d.ps1

  • Size

    456KB

  • MD5

    067e3f77fde1c988ac1d1413bafc29ae

  • SHA1

    e2a17181441c1e573a47d7ef8c259bf9797be9e8

  • SHA256

    ca9af3c4717ffe322f5e2f02fc8745f5744f5e8397a87212246099b4c3e2a53d

  • SHA512

    740bd6be6b4eaa189b596abd56eb9fc48b7c7c31b7fb6990ca27c2ee4e2174a9a1e95b4aca2415b4ae59a3b358cbe12b23a44e145fab4fe7b8cdf4a2d669427f

  • SSDEEP

    1536:g9dW/z20+u4dXNR8WrlDnqIuH7FWRGPP3jU86lsWST+HxYfn8qgy5J+LLg7WMJV8:gzaGD

Score
3/10
discoveryexecution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 34 IoCs
    adwarespyware
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 13 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\ca9af3c4717ffe322f5e2f02fc8745f5744f5e8397a87212246099b4c3e2a53d.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2816
    • C:\Windows\system32\schtasks.exe
      "C:\Windows\system32\schtasks.exe" /Create /XML \Users\Public\Music\//UKqoc24IV1YQ.xml /TN MicrosoftEdgeUpdateTaskMachineCore6645
      2⤵
      • Scheduled Task/Job: Scheduled Task
      PID:2868
    • C:\Windows\system32\schtasks.exe
      "C:\Windows\system32\schtasks.exe" /run /tn MicrosoftEdgeUpdateTaskMachineCore6645
      2⤵
        PID:2648
      • C:\Program Files\Internet Explorer\iexplore.exe
        "C:\Program Files\Internet Explorer\iexplore.exe" https://www.ssa.gov/benefits/retirement/social-security-fairness-act.html
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:2852
        • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
          "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2852 CREDAT:275457 /prefetch:2
          3⤵
          • System Location Discovery: System Language Discovery
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2692

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      820dbe4a8413f88f15d64e20bf300a3b

      SHA1

      38206f1102eb938dac4cab7f832f4710ccca59af

      SHA256

      181b39f22285bf93377e35aaf995f8699862693b458c536e3dc6977b1c9ab3c9

      SHA512

      5f3d7211c33223073bf4cebf2af49af920aa52b51ccb48e1c6da83c8ecb980fb6e6e9b1c277df1cdd3bce69db24528465bf8859b520af1554a7e2c9eae90e88b

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      dd4649568e4836c90191589d88c00dbd

      SHA1

      8cbbcdee0f3776ef79e3ac1615f8e7d65409f3d1

      SHA256

      dea0362803fd447605ea550cb73a8edc78df338db2f1eca96aa5883cd02a92c8

      SHA512

      2a371d0777a1c59a67326346306b4088e5ef198c874521e0708df7b7dbe2e4390b9c7aa9ddc742d7d85bbdfc28bbb089db62a6b7eab0d649b481c824a2f42b7c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4d25dee1a5a80676f12f6143defed248

      SHA1

      a6cd9a87cc65ab3985965bdb867ffc757f8b9154

      SHA256

      2f715e1fe2ae5ed8634e8e8e8a1ee1e7ca842d914010db8988fb18811ed372d6

      SHA512

      e3f9939f30873f9059af7ed9ea2ec6a9d84784930a736a5100829feb726ea082a8c03337ee91c883349a169bcdf3bcaf80cf4be1d1859ab5eedb2625c1ce7687

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      ba1bb5f0fa1e2d9b91cfc5709b939171

      SHA1

      c90f4bc2b871bf9692368335d45f974fde00d57a

      SHA256

      7cb0b33a593db99e59ba6e3a5f612b500b6c7e92ca4fe31c65a4e926875da6d1

      SHA512

      99a52c21b53afe70411b4dcdc24b23002f6bcde552aaa33dc4ca7367d93431b3a5c6aacf82288f6307bd7faf34c6746775cd87a1bf37da2116008956d5ae73ea

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      d57b839492958cea121d8c5b6730e9df

      SHA1

      b21e3311fafe4028bd2265c88221ab200355f3dc

      SHA256

      eae105003dfc2d50ebd75b12c066d92cbce7f25e244d8174b8eb12389313c7d5

      SHA512

      15af0fd5655268a7bed0a617a0f8e45d4de70d71fa2cabb87ec9132b13f186e8464db998f55e3a8c0a1ea9e59a6a90c949660f06930e20ad11a775e203fe171a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      067c00d32bfe186b7ba333d89a169a0f

      SHA1

      22c1739dd4d357980237c0b2c29c6002844a050c

      SHA256

      774c608062da2e37876d49204e8fae6dc0e08a3c9a52e455fc1f66b09ddceb7d

      SHA512

      3b399bef6ce86f953feb10854612cd1fee4cc7576d0ef511bff4fe864410667b5d0cda9e677ab5f307a457ea9d697d17caa10a19abdd1f1dee348937e1beab1a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a141eb243604870cfc90a25a3953f027

      SHA1

      206e9f62b046b7614898eda62059da2a98ae9ae9

      SHA256

      775dc3e59cc51ef96c4a68879bc1330de6c7bc748bdc3daa720cd5407e8fff36

      SHA512

      2799b8035c147e6c029d60a44b5dfcb934d5f26de0c3ad2f1968be0a4c0675544c38be46d20535d657907e4bfc3f27c58ad86a632fabaaca3ee04ebb1530fc82

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      e532b6695505273a3cb0bd5dc49d0b7d

      SHA1

      13c7f36c703fcb587398471b42f827a6790adf25

      SHA256

      e7e3b4b9aba8297a6be11633ce9bf129ee752da7d4fab04fd04f3a8a35049f46

      SHA512

      d400a73ad87c50a4bc6b58a346784a4c1cfea2096c2ccfcde53b3ac9177403c43e2b955cdb169fbcfbfe382f6494e5ac5ddab1883392ae31e619a8b04c75f838

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      5121fd5b6bc8e5d8744781bc532386e8

      SHA1

      e8aad986b2e967ca591cacdbc6ab1c44473cc98d

      SHA256

      1b0bb8515569f5b7a11b4263bb9ea7eceeb60768bd67c423f77a506504813910

      SHA512

      95cd91990504202f3b0db5d11d97eafef1299b1d53763b7696f753d012b8e03ce689e87b4c505b6753ce011268fcf8068e1cbc2dd12b72ee7c4814f0e6aedd2e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bd0f1d3b9f29c98912f51622574a7aa2

      SHA1

      2ac80604cc3abd6a96ec365fc330c9ac92ad9173

      SHA256

      d0435d24bc71fff88983470be127ef4ad47b0579dc3b5d60fb6b187acd7211f2

      SHA512

      e177332272363e0366e6e55cfddffdf4131bae265e29441467ab8f8c5c63d0795bbff824fbf6145dfedf906b8e99d1cb095ccb294f44cc1d9419720f74d82772

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      4e692ea7367a3aae5d73c07d9b0f4fc2

      SHA1

      cb55ac6e904e0e3e89d0cfc8b84b3aea797ed706

      SHA256

      f7d8aee91dc982a6bd80a05766b380ed6f08d9f31dd1a02d94e7d30aee593794

      SHA512

      726e242082719106e03a794aa96b1a607486a7d11f95480b2ece683c18f68891bb2e95faac73caa1d2ff5edf1d6dcb42990dc80cc318c4f6fda09a8904d968b3

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      582a968acd7aff7519cbd71e724456eb

      SHA1

      9ae1f5a6abd0982268e753ea27e9e6885105db53

      SHA256

      b1fd5569110b8567d1bf8c717dc200ce825712ac2e8a236a21974e8a14233d3b

      SHA512

      7aa1cb7c3eafec7e2cb37050a20acd536c3990e051b8f7f75cc79fa7274f3ffd73f6bb2a324188adcc80237fec6d4959603ecee1b0ce9f9d123709d5a67eb619

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      bf44bbcdebe908246005ddaef2f17658

      SHA1

      220b800c9a807caf541bd999e65bba52c882c2a6

      SHA256

      c4511352238e9854317f39095be66af0f11b0c700baa76e3fcf86c9461192d36

      SHA512

      0f1bb9013e2cd7a16697dd0460a616d4cf695b2f2a52b34f85958248cba6fcafe7a7145abc56ee5556a8bf2926fd8f6b56746e31dd599c3c97ccf94e25223cba

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      792eacc7bd0d2b05a977d26c813c8133

      SHA1

      3cf9a5177f4f71ca3cb802aa7ac7c358064f9006

      SHA256

      1e981a0e352469fdf43ac691407c16414fb909c571358c47baf8479afbbcdfdc

      SHA512

      7a6abf21e1462532335c2ffc5aa4fad5e7133464e80799da07e7db3a89c5a105a59c7c077eff88cbd340ba2d51cc69aaffb5d0cfd5769b2d3ce330390022dc2e

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      f1b781431243784776c3fe7331f02c53

      SHA1

      db9056f0f24d3be0ffb304bca9974f3a61f29eb9

      SHA256

      e745355edc70db166246cde7b33d8ce53c9addff8e978cda222615f54ad5ad74

      SHA512

      47599a6095feaf0695aea1d0a7962c272bb37707dd3ae3850b29a1248e55c89f9f6c38a205fff302a3b4f82ae17818c85c9a916fae3c662adec430c1a17d6892

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      0bbb66113421f070cd1f2e78730cb7a7

      SHA1

      724d9cd3b54dbc62de1274e547fdb68c8e846832

      SHA256

      c2c76a61c74595a08dc99af5846f80174ce05407626e9a42dbb098bfa0d03428

      SHA512

      ae21a15ce83686eea3e5bca2f0901f8a5f10af204801290f7d64775d179f6f1f4340971a1f8a7f3df0a0e370421bed0a05207e5112970bd603535f4da5597361

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Cab934D.tmp
      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tar941B.tmp
      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

      Download Submit

    • C:\Users\Public\Music\UKqoc24IV1YQ.xml
      Filesize

      1KB

      MD5

      1e9e5a7078dbd492a03f964006d34cf1

      SHA1

      743c617edc62c21ebdf62879c7fbc635863c8d9b

      SHA256

      148a4cb2733c2ffc9dd3f36229570eaf2dd925b0b5acb8a5b5f3e5adad218095

      SHA512

      d7788029ca86f05c4e7bd18bc24c665249c7108d757817c516efa7a22fb0f9e0b02d4ac4c6db95a143fcdb0351aae60ebc318963f39fb899d1f3204c5c300bc9

      Download Submit

    • memory/2816-8-0x000007FEF5FB0000-0x000007FEF694D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2816-6-0x00000000022A0000-0x00000000022A8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2816-4-0x000007FEF626E000-0x000007FEF626F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2816-5-0x000000001B300000-0x000000001B5E2000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2816-7-0x000007FEF5FB0000-0x000007FEF694D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2816-16-0x000007FEF5FB0000-0x000007FEF694D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2816-9-0x000007FEF5FB0000-0x000007FEF694D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2816-13-0x000007FEF5FB0000-0x000007FEF694D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2816-14-0x000007FEF5FB0000-0x000007FEF694D000-memory.dmp

      Filesize

      9.6MB

      Download