Overview

overview

10

Static

static

3

b9b72b3059...21.exe

windows7-x64

8

b9b72b3059...21.exe

windows10-2004-x64

10

Universite...de.ps1

windows7-x64

3

Universite...de.ps1

windows10-2004-x64

8

Analysis

  • max time kernel
    12s
  • max time network
    19s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    14/02/2025, 03:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Universitetsstuderende.ps1

  • Size

    53KB

  • MD5

    e4c90f84532e87a7be49136c6dedd496

  • SHA1

    3318b1654e28bb021204b89ed0074125ae449a8d

  • SHA256

    6313d40ac7f5dd82e268ccb8ecc0239f85d0e42fb7a484c6f6f94e644a6e36d7

  • SHA512

    3ab67b0b7f0a6f2d721e18bc6a962512dd7f58be6ef77602fa8508b357871f26f71a22cca7775132758e7774aab2473dc991cde17b62fedfe2c3c928a0db169e

  • SSDEEP

    1536:Lflo6h6Sdinsr7/AVs2yG0SGrIbmsynCDD:zlo6/f3Etyi3xD

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Universitetsstuderende.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Windows\system32\wermgr.exe
      "C:\Windows\system32\wermgr.exe" "-outproc" "2548" "908"
      2⤵
        PID:3056

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\OutofProcReport259506660.txt
      Filesize

      1KB

      MD5

      1d3df2f3673cb21f754f2a10a9aef0ad

      SHA1

      fd0663ae3f32b8cbb301b0c64258fb2cb263c48c

      SHA256

      88acd94a6651d836474e47e3d2fcc90b6b605765fa9301e6a6fd66fc8cc1443f

      SHA512

      ebf2dbb9c8c84f7929a1c924726439fb4ae1f419870a1742a21e869ea44b2945da907136d4c941b5392d302e6a175609b030a214eca10f91d06a230bb93db4f0

      Download Submit

    • memory/2548-14-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2548-15-0x000007FEF643E000-0x000007FEF643F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-7-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2548-4-0x000007FEF643E000-0x000007FEF643F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2548-9-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2548-10-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2548-11-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2548-12-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2548-6-0x0000000002320000-0x0000000002328000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2548-13-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2548-8-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2548-16-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2548-17-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2548-18-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2548-19-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2548-20-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2548-23-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2548-5-0x000000001B220000-0x000000001B502000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2548-24-0x000007FEF6180000-0x000007FEF6B1D000-memory.dmp

      Filesize

      9.6MB

      Download