General

  • Target

    Winhance.ps1

  • Size

    426KB

  • Sample

    250412-t9dljayky3

  • MD5

    a1560ed206ca68acea43f81531d1bb79

  • SHA1

    1e27b51eeaf1bcdd3f261530b2e91c1a052344ee

  • SHA256

    118fe7a4fdc820a3f67f49491da91d286cabd5fa07d66335ff78c18349745372

  • SHA512

    d9db6cbb0d292a21bfa24540f52bde8c4a2aca5a1f7ce89faa383ce6a492eb3192e04be448669dac1edf361c052b774481adbde98f76d709f89239819014e427

  • SSDEEP

    6144:KQylEVcvPb0sVuEKVfGdnZn0neabol3H6:KQyVElD

Malware Config

Targets

    • Target

      Winhance.ps1

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Legitimate hosting services abused for malware hosting/C2

    • Detected potential entity reuse from brand MICROSOFT.

MITRE ATT&CK Enterprise v16

Tasks