Overview

overview

10

Static

static

10

void/0394b...43.exe

windows7-x64

3

void/0394b...43.exe

windows10-2004-x64

3

void/0aa21...0f.elf

ubuntu-24.04-amd64

1

void/250bb...13.exe

windows7-x64

6

void/250bb...13.exe

windows10-2004-x64

6

void/257ff...b4.exe

windows7-x64

1

void/257ff...b4.exe

windows10-2004-x64

8

void/37208...92.elf

debian-9-mips

1

void/43958...0d.exe

windows7-x64

10

void/43958...0d.exe

windows10-2004-x64

10

void/469a3...1b.ps1

windows7-x64

8

void/469a3...1b.ps1

windows10-2004-x64

10

void/5a099...8b.exe

windows7-x64

1

void/5a099...8b.exe

windows10-2004-x64

1

void/72cb9...de.elf

ubuntu-20.04-amd64

10

void/73055...90.exe

windows7-x64

3

void/73055...90.exe

windows10-2004-x64

3

การ�...��.exe

windows7-x64

8

การ�...��.exe

windows10-2004-x64

8

void/7ac64...d2.exe

windows7-x64

1

void/7ac64...d2.exe

windows10-2004-x64

8

void/7b380...cc.dmg

macos-10.15-amd64

1

Brew/Brew

macos-10.15-amd64

4

void/7dec8...a.html

windows7-x64

3

void/7dec8...a.html

windows10-2004-x64

3

void/80e6e...e3.exe

windows7-x64

3

void/80e6e...e3.exe

windows10-2004-x64

3

void/82231...6b.exe

windows7-x64

1

void/82231...6b.exe

windows10-2004-x64

8

void/8732e...71.exe

windows7-x64

1

void/8732e...71.exe

windows10-2004-x64

8

void/8c55a...97.elf

debian-9-mipsel

7

Analysis

  • max time kernel
    12s
  • max time network
    62s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    20/03/2025, 20:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    void/469a30082aeff1c7367a5c98d83d4230947500771e86738903a026859f870f1b.ps1

  • Size

    951B

  • MD5

    991bfc052219f7e9b6e77e2268c08947

  • SHA1

    c6e8df55948ed92caa0401c28dfeb474c02136ef

  • SHA256

    469a30082aeff1c7367a5c98d83d4230947500771e86738903a026859f870f1b

  • SHA512

    bf7a963c06de9f3f66eb568f94bdeda1ea0236c39d8db768e7ecb942018fc1d7effc42295acebb114b7f40bdae5d72756eb1413d7221577bf202051fb7123fd4

Score
8/10
execution

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Downloads MZ/PE file 1 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\void\469a30082aeff1c7367a5c98d83d4230947500771e86738903a026859f870f1b.ps1
    1⤵
    • Blocklisted process makes network request
    • Downloads MZ/PE file
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2072
    • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework64\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\fqrnozot.cmdline"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2284
      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe
        C:\Windows\Microsoft.NET\Framework64\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESBE22.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCBE21.tmp"
        3⤵
          PID:2148

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\RESBE22.tmp
      Filesize

      1KB

      MD5

      4ba782d9d10b3399da7aeda253512872

      SHA1

      e5f0fe88d48d6209f77cba55930f587c96d96dc5

      SHA256

      7ef003ec1987d4208ef24d3da963f7e1c8fa75788f80d48081de6462d8a8aec4

      SHA512

      4f3f2fd26ea33395b03ad19745fc621e9a5a6a12231f62d0cd2afc0e8c86c211dce9a4cf54c58c61d3eecec9ca1abd1a572fc24e60e72bff0f1c2ad3a1ac86ca

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\fqrnozot.dll
      Filesize

      3KB

      MD5

      ad9e290d07b831e5899e8c2e93255231

      SHA1

      ae32c7b9918704687fe33bd068734731bbf40f2e

      SHA256

      8ec09644efbcbdb6af12ae56a195d9cd130c2ca253248a97f45faed0d5354820

      SHA512

      55a8c468bb8f8f3a03cdf4a775fe15774c3a08d82eff0d3615ecf47e7e27924f9e1896fca0c3c0ce43828954db1fa728d85b5c83ba29e709abe472176da42dfe

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\fqrnozot.pdb
      Filesize

      7KB

      MD5

      5b7ff9a335a319f79ed16df95b52c9df

      SHA1

      7d09cfae4c43e0a6319d5eb1319a773773eb5e3f

      SHA256

      53817aab4e64ca12cc1713c4bd38918da943068823f0eccfbef7ae99dbedd08c

      SHA512

      c0fcce76ee3091474e61dac40bf2d86e697ed572c53f72bae5d361b95e8b45b85a6abd4e41de410291c0061215747328f330b423f9683f16e8a5838bf61d0004

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\CSCBE21.tmp
      Filesize

      652B

      MD5

      df4b31dbcc490b45e83d15eecc9350ad

      SHA1

      eb29db621a1aab342ecef660c22ca3b2fff46124

      SHA256

      bc2105073fc5ffda7ac792004bf5fc0cee52ad417e8737a581dd28197a668cf9

      SHA512

      fbf1397744b376d9f405c697d98d9e00ff658cea522ac956867f54d5bf4443e0071aeca20d5ab0f7881bbb57a431d021bd02ff9b557cfb8d8839dda4e45aef33

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\fqrnozot.0.cs
      Filesize

      470B

      MD5

      fc199e95b98fd2bef9dc8c75ac49fd5c

      SHA1

      389c49f099b5da6b47d07e9de292d553c6713f83

      SHA256

      c443f29fb2f6d18f4cb0813c178248952b8856a8e27a157ce046e7eecd99604f

      SHA512

      07b4af2f464e011646d0deb2bd1639cc0ade38b507b84230ee3d4863416a6a9c9d9e6678a438ae203bd534adbe1160198c6575d87f8a88ce440aefd1d018d7ba

      Download Submit

    • \??\c:\Users\Admin\AppData\Local\Temp\fqrnozot.cmdline
      Filesize

      309B

      MD5

      4f03225575ad78d00baa9ea76d62751c

      SHA1

      f310f4a787a7a605863726ef4639f66ec1f653f1

      SHA256

      17b4e6da3c09df86de45e8ca42746085aafc1a51928f1e963b982fb7bd55dde3

      SHA512

      364c50675867bf9f4740d3e282ebca71c4f9f78c54224a6942f7712fd031f825bbfc49dcddf7bf2df55626d26ac13aed4052923fe094331ff5ff8f8190cc4b00

      Download Submit

    • memory/2072-13-0x000007FEF5A50000-0x000007FEF63ED000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2072-8-0x000007FEF5A50000-0x000007FEF63ED000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2072-9-0x000007FEF5A50000-0x000007FEF63ED000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2072-4-0x000007FEF5D0E000-0x000007FEF5D0F000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2072-7-0x000007FEF5A50000-0x000007FEF63ED000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2072-5-0x000000001B630000-0x000000001B912000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2072-26-0x0000000002CF0000-0x0000000002CF8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2072-6-0x0000000002770000-0x0000000002778000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2072-29-0x000007FEF5A50000-0x000007FEF63ED000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2284-16-0x000007FEF5A50000-0x000007FEF63ED000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2284-24-0x000007FEF5A50000-0x000007FEF63ED000-memory.dmp

      Filesize

      9.6MB

      Download