Analysis
- Max time kernel: 121s
- Max time network: 121s
- Platform: windows7_x64
- Resource: win7-20240903-en
- Resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
- Submitted: 08/03/2025, 06:02
Static task: static1
Behavioral task: behavioral1 (sample 4186a7812c15ec48234e91b4268541455c5d3496807efe3a05afcf94c90284e7.exe, resource win7-20240729-en)
Behavioral task: behavioral2 (sample 4186a7812c15ec48234e91b4268541455c5d3496807efe3a05afcf94c90284e7.exe, resource win10v2004-20250217-en)
Behavioral task: behavioral3 (sample Pericenter.ps1, resource win7-20240903-en)
Behavioral task: behavioral4 (sample Pericenter.ps1, resource win10v2004-20250217-en)
General
- Target: Pericenter.ps1
- Size: 53KB
- MD5: 2d7a9b17a981757aeb3b8945b15bb897
- SHA1: 7c27d9e5ce5ec9dfc5f13985769ca91698980e2a
- SHA256: 7c7023149ea38184f67f040b8fac8f56804e7a84886678e7df8409354d3b0b7d
- SHA512: 83370533553f6f55c644fc3b203c1e7e3572c69bc570776f0fbe79c146174fdfd3a037cf54c943222fd07d72fb0ac466b9154753adf4c5314a91ebfdbd8b2efe
- SSDEEP: 1536:9pVgd3Kz6PAoQUUCuqfG2F9M15qJ3hLafjHcmM:9qKO4cnN59M15Ogg
Malware Config
Signatures
- Command and Scripting Interpreter: PowerShell
  pid 2428, process powershell.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  pid 2428, process powershell.exe
  pid 2428, process powershell.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeDebugPrivilege; pid 2428; process powershell.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2428 wrote to memory of 2228; pid 2428; process powershell.exe; procid_target 31
  description: PID 2428 wrote to memory of 2228; pid 2428; process powershell.exe; procid_target 31
  description: PID 2428 wrote to memory of 2228; pid 2428; process powershell.exe; procid_target 31
Processes
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  Command line: powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Pericenter.ps1
  PID: 2428
  Signatures:
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  - Child process: C:\Windows\system32\wermgr.exe
    Command line: "C:\Windows\system32\wermgr.exe" "-outproc" "2428" "856"
    PID: 2228
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 1KB
  MD5: ae6f75a0870c4a893f566ed3add8374f
  SHA1: 085be2a2c3c921af54fee1b90a113b6480abc1c9
  SHA256: 9e2d13c337c913632e24b2d0e2689e475b8b4991815064e63f09c5008d8af9ba
  SHA512: f3ca97c408122cf22271f3fca517137c605355ded4eac30cf269d577ef7babc2d411c16d552616630d9ab19986acadd4caefd7b83a1a7dbf67e1bf850cc91450