736bea879e986c36afb173d9572975ce3206645e63002690912c3a9c9236d05b

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
26/02/2025, 13:46

Target

Registration (Crack)/language/en-US/HKCU.ps1
Size

451B
MD5

61784c5b761fd222f9fc4cd0aad1ce94
SHA1

ede36fbb733f67c2059dd9e6744f5a58913c139b
SHA256

c3b21f00fb1451aae184e534311bd368b5677b61da75e52df7c9dbad7bcf5be0
SHA512

76eeb2c26f0b36e56ac85b551410104ed3f5ca73a814af486f87ee213e86d57750a5c1546c77b49954f42aff9af631eca78de2e6cfa7dc8f700a7d06c16a023f

Score

6^/10

execution

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

PowerShell

pid	Process
2436	powershell.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2436	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2436	powershell.exe

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2436-4-0x000007FEF61EE000-0x000007FEF61EF000-memory.dmp

Filesize
4KB

Download
memory/2436-5-0x000000001B640000-0x000000001B922000-memory.dmp

Filesize
2.9MB

Download
memory/2436-6-0x00000000022E0000-0x00000000022E8000-memory.dmp

Filesize
32KB

Download
memory/2436-7-0x000007FEF5F30000-0x000007FEF68CD000-memory.dmp

Filesize
9.6MB

Download
memory/2436-8-0x000007FEF5F30000-0x000007FEF68CD000-memory.dmp

Filesize
9.6MB

Download
memory/2436-9-0x000007FEF5F30000-0x000007FEF68CD000-memory.dmp

Filesize
9.6MB

Download
memory/2436-11-0x000007FEF5F30000-0x000007FEF68CD000-memory.dmp

Filesize
9.6MB

Download
memory/2436-10-0x000007FEF5F30000-0x000007FEF68CD000-memory.dmp

Filesize
9.6MB

Download