Overview

overview

10

Static

static

1

ClawGameTemp.ps1

windows7-x64

3

ClawGameTemp.ps1

windows10-2004-x64

10

Resubmissions

22-02-2025 22:46

250222-2p931a1ndm 10

22-02-2025 22:41

250222-2mjs2a1mhn 10

22-02-2025 21:12

250222-z15asazkfr 10

Analysis

  • max time kernel
    121s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    22-02-2025 22:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ClawGameTemp.ps1

  • Size

    7KB

  • MD5

    beab656dc763c45a35bf5833fae6349d

  • SHA1

    15e66182eeb30ec6b1b8b37d083108b58e9457e1

  • SHA256

    6f69db9e402c3ced09d2fffff59f5981515853395757dfc131967bd18b3c1689

  • SHA512

    1743c0cfea6f09abbb5370baa2cad9bd3956d3c47c755c8ed4a7c6dd16d7e8df6fae670e60d93a182f97e1593770084a83613b78a6ea45997a2e2fcbb8113bf6

  • SSDEEP

    192:oNQfEMxiPuj8JElIIxshDJ4J9yxWJrAikRhw1Qzf1dovaap0vo9vwvYvMqvUPPRs:/TiPGKiqwa7yXx/3

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\ClawGameTemp.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1228

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1228-4-0x000007FEF560E000-0x000007FEF560F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1228-5-0x000000001B4F0000-0x000000001B7D2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1228-7-0x000007FEF5350000-0x000007FEF5CED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1228-6-0x0000000001D10000-0x0000000001D18000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1228-9-0x000007FEF5350000-0x000007FEF5CED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1228-8-0x000007FEF5350000-0x000007FEF5CED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1228-10-0x000007FEF5350000-0x000007FEF5CED000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1228-11-0x000007FEF560E000-0x000007FEF560F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1228-12-0x000007FEF5350000-0x000007FEF5CED000-memory.dmp

    Filesize

    9.6MB

    Download