Overview

overview

10

Static

static

10

Verdacryptor_V3.ps1

windows7-x64

3

Verdacryptor_V3.ps1

windows10-2004-x64

10

Analysis

  • max time kernel
    117s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    28/03/2025, 19:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Verdacryptor_V3.ps1

  • Size

    34KB

  • MD5

    d99e4723bcec4ba0f0a535c6b00bd502

  • SHA1

    3e7ed721dba818f6f3d9142739ebbca9195088d2

  • SHA256

    823728b3245cfd1ee43d84247211730b540c0cd692a934caaf492b7bb8a27e91

  • SHA512

    aca686e14b706378660405d74f7ce4c4c1e69df47949efbfd14dc5ab55943470932bfbc0cfe28bb7ea3b8d9e1de7c93c9b3317f89c720ac5e6e41fe171015891

  • SSDEEP

    384:thz/snUBSzj5mMEEpi0D04eEMls/11AUfoUHaWPw3+4CFYV5jIyJyXK:NM5mME00xEbrl6Yq+40+IrXK

Score
3/10
execution

Malware Config

Signatures

  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

    execution
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\Verdacryptor_V3.ps1
    1⤵
    • Command and Scripting Interpreter: PowerShell
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1916

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/1916-4-0x000007FEF5D2E000-0x000007FEF5D2F000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1916-5-0x000000001B550000-0x000000001B832000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/1916-6-0x0000000002240000-0x0000000002248000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1916-7-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1916-10-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1916-11-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1916-9-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1916-8-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

    Filesize

    9.6MB

    Download

  • memory/1916-12-0x000007FEF5A70000-0x000007FEF640D000-memory.dmp

    Filesize

    9.6MB

    Download