Play interactive tourEdit tour
Analysis Report iqfpdjey.cmd
Overview
General Information
Detection
Score: | 52 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Powershell creates an autostart link
Suspicious command line found
Suspicious powershell command line found
Contains capabilities to detect virtual machines
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sigma detected: PowerShell Script Run in AppData
Stores files to the Windows start menu directory
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
No yara matches |
---|
Sigma Overview |
---|
System Summary: |
---|
Sigma detected: PowerShell Script Run in AppData | Show sources |
Source: | Author: Florian Roth: |