Analysis
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20250207-en
resource tags: arch:x64, arch:x86, image:win7-20250207-en, locale:en-us, os:windows7-x64, system
submitted: 07/03/2025, 14:06
Static task: static1
Behavioral task behavioral1: sample 4186a7812c15ec48234e91b4268541455c5d3496807efe3a05afcf94c90284e7.exe, resource win7-20240903-en
Behavioral task behavioral2: sample 4186a7812c15ec48234e91b4268541455c5d3496807efe3a05afcf94c90284e7.exe, resource win10v2004-20250217-en
Behavioral task behavioral3: sample Pericenter.ps1, resource win7-20250207-en
Behavioral task behavioral4: sample Pericenter.ps1, resource win10v2004-20250217-en
General
Target: Pericenter.ps1
Size: 53KB
MD5: 2d7a9b17a981757aeb3b8945b15bb897
SHA1: 7c27d9e5ce5ec9dfc5f13985769ca91698980e2a
SHA256: 7c7023149ea38184f67f040b8fac8f56804e7a84886678e7df8409354d3b0b7d
SHA512: 83370533553f6f55c644fc3b203c1e7e3572c69bc570776f0fbe79c146174fdfd3a037cf54c943222fd07d72fb0ac466b9154753adf4c5314a91ebfdbd8b2efe
SSDEEP: 1536:9pVgd3Kz6PAoQUUCuqfG2F9M15qJ3hLafjHcmM:9qKO4cnN59M15Ogg
Malware Config
Signatures
Command and Scripting Interpreter: PowerShell
  pid 2040, process powershell.exe
Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 2040, process powershell.exe (two events)
Suspicious use of AdjustPrivilegeToken (1 IoC)
  Token: SeDebugPrivilege, pid 2040, process powershell.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  PID 2040 (powershell.exe) wrote to memory of PID 2492, procid_target 31 (three events)
Processes
1. C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
   Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Pericenter.ps1
   PID: 2040
   Signatures: Command and Scripting Interpreter: PowerShell; Suspicious behavior: EnumeratesProcesses; Suspicious use of AdjustPrivilegeToken; Suspicious use of WriteProcessMemory
   2. C:\Windows\system32\wermgr.exe
      Command line: "C:\Windows\system32\wermgr.exe" "-outproc" "2040" "872"
      PID: 2492

Reading the tree: the "-ExecutionPolicy bypass -File" launch is the sandbox's own command for running a submitted .ps1 (the script is the target, not the command line), so it is not by itself an indicator from the sample. wermgr.exe "-outproc" <pid> <handle> is the Windows Error Reporting out-of-process helper that a process launches when it submits an error report about itself; the first argument here is 2040, the powershell.exe process, which suggests the script hit a fatal error (typically an unhandled .NET exception) in this Windows 7 environment. The three WriteProcessMemory events from 2040 into 2492 are consistent with that WER handshake rather than with process injection, and the empty Network section fits a run that did not complete. Check the win10v2004 task (behavioral4) before concluding anything about the script's real behaviour.
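The Signatures and Processes sections above list raw IoCs without weighing them against each other. The following is an added example, not part of the sandbox report or its tooling: a small triage pass over process and API events constructed from the report's process tree. The event fields (`privileges`, `writes_to`) and the WER heuristic are this example's own assumptions. It flags the execution-policy bypass, the script running from the user's Temp directory and SeDebugPrivilege, and it downgrades WriteProcessMemory into a wermgr.exe "-outproc" child that names its own parent, while still rating writes into any other process as possible injection.

```python
"""Triage rules over process-creation and API events, modelled on the report above.

Added example, not part of the sandbox report or its tooling. The event
records below are constructed from the report's process tree; the field
names and the WER heuristic are this example's own assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple


@dataclass
class ProcEvent:
    pid: int
    ppid: Optional[int]
    image: str
    cmdline: str
    privileges: Set[str] = field(default_factory=set)   # enabled via AdjustTokenPrivileges
    writes_to: List[int] = field(default_factory=list)  # target PIDs of WriteProcessMemory


# Constructed input: the two processes from the report, with the IoCs the report lists.
EVENTS = [
    ProcEvent(2040, None,
              r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Pericenter.ps1",
              privileges={"SeDebugPrivilege"}, writes_to=[2492, 2492, 2492]),
    ProcEvent(2492, 2040,
              r"C:\Windows\system32\wermgr.exe",
              r'"C:\Windows\system32\wermgr.exe" "-outproc" "2040" "872"'),
]

# powershell.exe accepts unambiguous parameter prefixes, so -ep / -ex / -exec all mean -ExecutionPolicy.
EXEC_POLICY_BYPASS = re.compile(r"-e(?:p|x[a-z]*)\s+(?:bypass|unrestricted)", re.I)
SCRIPT_ARG = re.compile(r'-file\s+"?([^"]+?\.ps1)"?', re.I)
USER_TEMP = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)
WER_OUTPROC = re.compile(r'"?-outproc"?\s+"?(\d+)"?', re.I)


def is_wer_child(ev: ProcEvent) -> bool:
    """wermgr.exe "-outproc" <pid> <handle> launched by the very process it names
    is Windows Error Reporting's out-of-process helper, not a payload."""
    if not ev.image.lower().endswith("\\wermgr.exe"):
        return False
    m = WER_OUTPROC.search(ev.cmdline)
    return m is not None and int(m.group(1)) == ev.ppid


def crashed_processes(events: List[ProcEvent]) -> List[int]:
    """PIDs that spawned a WER helper about themselves, i.e. runs that most likely aborted."""
    return sorted({ev.ppid for ev in events if is_wer_child(ev)})


def triage(events: List[ProcEvent]) -> List[Tuple[int, str, str]]:
    """Return (pid, severity, message) findings; WER handshakes are downgraded, not dropped."""
    by_pid = {ev.pid: ev for ev in events}
    findings = []
    for ev in events:
        if ev.image.lower().endswith("\\powershell.exe"):
            if EXEC_POLICY_BYPASS.search(ev.cmdline):
                findings.append((ev.pid, "high", "powershell started with execution policy bypassed"))
            m = SCRIPT_ARG.search(ev.cmdline)
            if m and USER_TEMP.search(m.group(1)):
                findings.append((ev.pid, "medium", f"script run from user temp dir: {m.group(1)}"))
        if "SeDebugPrivilege" in ev.privileges:
            findings.append((ev.pid, "medium", "SeDebugPrivilege enabled (AdjustTokenPrivileges)"))
        for target in sorted(set(ev.writes_to)):
            child = by_pid.get(target)
            if child is not None and child.ppid == ev.pid and is_wer_child(child):
                findings.append((ev.pid, "info",
                                 f"WriteProcessMemory into WER helper pid {target}: crash-report handshake, not injection"))
            else:
                findings.append((ev.pid, "high", f"WriteProcessMemory into pid {target}: possible injection"))
    return findings


if __name__ == "__main__":
    for pid, sev, msg in triage(EVENTS):
        print(f"{sev:6} pid {pid}: {msg}")
    print("processes that raised a WER report about themselves:", crashed_processes(EVENTS))
```

The downgrade is deliberately narrow: only a wermgr.exe child whose "-outproc" argument equals its own parent PID is treated as a WER handshake, so a sample that writes into some other process, or that spawns wermgr.exe with a foreign PID, still produces a high-severity finding.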
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 1KB
MD5: 1c194c483c53c56a7680029a904cf516
SHA1: db0d9c691bf0c29994c1fd38b6e2da31132d4134
SHA256: abe92a87e0f7fadd087578d5643a906e6b7879068cf84d183508284e6587c343
SHA512: e5e166392e4199c5cd2ca149863ec5a8fd392761fdd5e569977bbdce7befffc6fe6e0e8b74985443d3a5ff8aca0cb880aa6481f5b148f0b12728c200425b1841