Overview

overview

10

Static

static

10

Arata_Verdacrypt.ps1

windows7-x64

3

Arata_Verdacrypt.ps1

windows10-2004-x64

9

Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2025, 19:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Arata_Verdacrypt.ps1

  • Size

    34KB

  • MD5

    470f24b0d1fcbfaae2ba8286ab64f0f2

  • SHA1

    cefe5f8886ed2468f7834c5ed0abafbee7083245

  • SHA256

    e04ca52275d940234c4cf1744c64712513319668dbf7a0d77111a03cf9fdba40

  • SHA512

    e108433b636de0454ff3cdb4822be12b84950e5cf32f63ded0b2d2d532f570357156e15aacd7a8b95aabcd7f4280609e1fcde32146883ab866e1d65600768715

  • SSDEEP

    384:thz/snUBSzj5mMEEpi0D04eEMls/11AUfoUHaWPw3+4CFYV5jIyJu7Y:NM5mME00xEbrl6Yq+40+IF7Y

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Arata_Verdacrypt.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2016

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2016-4-0x000007FEF61CE000-0x000007FEF61CF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2016-5-0x000000001B5D0000-0x000000001B8B2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/2016-7-0x000007FEF5F10000-0x000007FEF68AD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2016-9-0x000007FEF5F10000-0x000007FEF68AD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2016-8-0x000007FEF5F10000-0x000007FEF68AD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2016-6-0x0000000001F00000-0x0000000001F08000-memory.dmp

    Filesize

    32KB

    Download

  • memory/2016-10-0x000007FEF5F10000-0x000007FEF68AD000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/2016-11-0x000007FEF5F10000-0x000007FEF68AD000-memory.dmp

    Filesize

    9.6MB

    Download