Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
arch:x64 arch:x86 image:win7-20240903-en locale:en-us os:windows7-x64 system -
submitted
08/03/2025, 05:57
Static task
static1
Behavioral task
behavioral1
Sample
4186a7812c15ec48234e91b4268541455c5d3496807efe3a05afcf94c90284e7.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
4186a7812c15ec48234e91b4268541455c5d3496807efe3a05afcf94c90284e7.exe
Resource
win10v2004-20250217-en
Behavioral task
behavioral3
Sample
Pericenter.ps1
Resource
win7-20240903-en
Behavioral task
behavioral4
Sample
Pericenter.ps1
Resource
win10v2004-20250217-en
General
-
Target
Pericenter.ps1
-
Size
53KB
-
MD5
2d7a9b17a981757aeb3b8945b15bb897
-
SHA1
7c27d9e5ce5ec9dfc5f13985769ca91698980e2a
-
SHA256
7c7023149ea38184f67f040b8fac8f56804e7a84886678e7df8409354d3b0b7d
-
SHA512
83370533553f6f55c644fc3b203c1e7e3572c69bc570776f0fbe79c146174fdfd3a037cf54c943222fd07d72fb0ac466b9154753adf4c5314a91ebfdbd8b2efe
-
SSDEEP
1536:9pVgd3Kz6PAoQUUCuqfG2F9M15qJ3hLafjHcmM:9qKO4cnN59M15Ogg
Malware Config
Signatures
-
pid | Process
2236 | powershell.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid | Process
2236 | powershell.exe
2236 | powershell.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
description | pid | Process
Token: SeDebugPrivilege | 2236 | powershell.exe
-
Suspicious use of WriteProcessMemory 3 IoCs
description | pid | Process | procid_target
PID 2236 wrote to memory of 264 | 2236 | powershell.exe | 32
PID 2236 wrote to memory of 264 | 2236 | powershell.exe | 32
PID 2236 wrote to memory of 264 | 2236 | powershell.exe | 32
Processes
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Pericenter.ps1
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2236 -
  C:\Windows\system32\wermgr.exe
  "C:\Windows\system32\wermgr.exe" "-outproc" "2236" "856"
  PID:264
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
1KB
MD5
4cc4a4cdd5d7bb51116b1943e83f17b3
SHA1
035a35ea21643cba0a578bd2ff0e9f3f01a44966
SHA256
425d89cdb2c9799363fc4b65bfa2a568954bddea0660fb58497d1c0d8a64f47b
SHA512
59ff4cbd41f0dcd8bf9db66544d4a028536a97621f60e6905cef03559fa2a59e911288568466531c1cb5342f94935156f904370c230d17d39c9febca205e6a13