Summary | ZeroBOX

amsi.ps1

Hide_EXE Generic Malware Antivirus
Category: FILE
Machine: s1_win7_x6403_us
Started: Jan. 13, 2024, 7:15 p.m.
Completed: Jan. 13, 2024, 7:33 p.m.
Size 7.6KB
Type ASCII text, with very long lines
MD5 11a2c5a1096a4b63edcd96e578b1138d
SHA256 a496456dafc856b87bdc454753aa7e02e10b62801dc4cea5f4eb1c037d00f56d
CRC32 BCE74512
ssdeep 96:FdvbfVjvxwVuECW9wYCpmBMHogquBjYmyIt83OSXpF7dkaIoAtRFlenvPH:FdvbfVmujW9U1HoMBxyPbNdwoKFenXH
Yara
  • hide_executable_file - Hide executable file

Domains (Name / Response / Post-Analysis Lookup): No hosts contacted.
Hosts (IP Address / Status / Action): No hosts contacted.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

API calls (Time & API / Arguments / Status / Return / Repeated)

NtAllocateVirtualMemory

process_identifier: 840
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0250b000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1 | return: 0 | repeated: 0

NtAllocateVirtualMemory

process_identifier: 840
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x0251f000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
status: 1 | return: 0 | repeated: 0

Antivirus (vendor / detection name)

Lionic Trojan.Script.Disable.4!c
MicroWorld-eScan Dropped:Trojan.AMSI.Disable.I
Skyhigh PS/Agent.am
ALYac Dropped:Trojan.AMSI.Disable.I
VIPRE Dropped:Trojan.AMSI.Disable.I
Sangfor Trojan.Generic-Script.Save.642442f9
Arcabit Trojan.AMSI.Disable.I
Symantec Trojan.Gen.NPE
ESET-NOD32 a variant of MSIL/Agent.SYI
McAfee PS/Agent.am
Avast PwrSh:AmsiBypass-H [Trj]
Cynet Malicious (score: 99)
Kaspersky HEUR:Trojan.Win32.Generic
BitDefender Dropped:Trojan.AMSI.Disable.I
Rising Trojan.UnicornBypass!8.1066D (TOPIS:E0:RJFMipMVEMJ)
Emsisoft Dropped:Trojan.AMSI.Disable.I (B)
F-Secure Trojan.TR/EvaAmsi.G1
Google Detected
Avira TR/EvaAmsi.G1
Antiy-AVL Trojan[Dropper]/Win32.Agent.a
Kingsoft Script.Ks.Malware.9344
Microsoft Trojan:PowerShell/UnicornBypass.A
ZoneAlarm HEUR:Trojan.Win32.Generic
GData Dropped:Trojan.AMSI.Disable.I
Tencent Win32.Trojan.Generic.Gflw
Ikarus Trojan-Dropper.PowerShell.Agent
AVG PwrSh:AmsiBypass-H [Trj]