Summary | ZeroBOX

pc.ps1

Generic Malware Antivirus
Category: FILE
Machine: s1_win7_x6401
Started: Sept. 4, 2024, 5:45 p.m.
Completed: Sept. 4, 2024, 5:47 p.m.
Size 36.8KB
Type ASCII text
MD5 8a319fa42e7c7432318f28a990f15696
SHA256 c55672b5d2963969abe045fe75db52069d0300691d4f1f5923afeadf5353b9d2
CRC32 E3FF657D
ssdeep 384:gkm6kkUW7djaBoB6CgmflBpBCImoIL4RqFeyw7M+2D3C+uaeaLd9LGQcowWx8wWy:Xkmt4osvSF/SnChZA82T82mznvTn5rw
Yara None matched

Domains (Name, Response, Post-Analysis Lookup): none
Hosts (IP Address, Status, Action): none

No hosts were contacted during the two-minute run, so the trace reflects only the script being loaded and executed without arguments. That is consistent with a netcat-style PowerShell tool, which is what the detection names below indicate: such a script opens no connection unless it is invoked with a listener or a target.

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

Behavioral API calls (columns: Time, API, Arguments, Status, Return, Repeated). The Time column is empty in this report; each call ends with its Status / Return / Repeated row.

NtAllocateVirtualMemory

process_identifier: 2552
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026db000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1 (success)  Return: 0 (STATUS_SUCCESS)  Repeated: 0

NtAllocateVirtualMemory

process_identifier: 2552
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026ef000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
Status: 1 (success)  Return: 0 (STATUS_SUCCESS)  Repeated: 0

What the two entries show: process 2552 committed (MEM_COMMIT, 0x1000) two separate 4 KB pages with PAGE_EXECUTE_READWRITE (0x40) protection, using the current-process pseudo-handle 0xffffffff (NtCurrentProcess), so the memory went into its own address space rather than into another process. The sandbox's heap_dep_bypass: 1 flag marks this kind of allocation: heap memory that is both writable and executable, the precondition for running code staged in memory. On its own this is a weak indicator, because the .NET runtime that hosts PowerShell also commits executable pages for JIT-compiled code; the stronger evidence for what this script is lies in the antivirus results below.
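The following Python is an added example, not part of the ZeroBOX report: it parses call entries in the layout shown above (API name, key: value arguments, then the Status / Return / Repeated row) and flags NtAllocateVirtualMemory calls that successfully commit writable-and-executable memory, recording whether the target was the calling process itself (pseudo-handle 0xffffffff). The two entries above are embedded as a constructed sample; the constants are the winnt.h values the trace prints in decimal, and PAGE_EXECUTE_WRITECOPY is included as the other RWX protection a hardened check should catch.

```python
"""Flag writable+executable memory commits in a Cuckoo/ZeroBOX-style API trace.

Added example, not part of the report. SAMPLE_TRACE is a constructed copy of the
two NtAllocateVirtualMemory entries above; the constants are winnt.h values.
"""
import re

PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
RWX_PROTECTIONS = {PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}
PROTECTION_MASK = 0xFF        # strips PAGE_GUARD / PAGE_NOCACHE / PAGE_WRITECOMBINE modifiers
MEM_COMMIT = 0x1000
CURRENT_PROCESS = 0xFFFFFFFF  # NtCurrentProcess() pseudo-handle, as printed in a 32-bit trace

SAMPLE_TRACE = """\
NtAllocateVirtualMemory

process_identifier: 2552
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026db000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0

NtAllocateVirtualMemory

process_identifier: 2552
region_size: 4096
stack_dep_bypass: 0
stack_pivoted: 0
heap_dep_bypass: 1
protection: 64 (PAGE_EXECUTE_READWRITE)
base_address: 0x026ef000
allocation_type: 4096 (MEM_COMMIT)
process_handle: 0xffffffff
1 0 0
"""

ARG_RE = re.compile(r"^(\w+):\s*(\S+)")            # "protection: 64 (PAGE_EXECUTE_READWRITE)"
RESULT_RE = re.compile(r"^(\d+)\s+(\d+)\s+(\d+)$")  # trailing "status return repeated" row
NUM_RE = re.compile(r"0x[0-9a-fA-F]+|\d+")          # values to convert to int (base 0 handles 0x)


def parse_trace(text):
    """One dict per call: api, args (numeric where possible), status, return, repeated."""
    calls, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if cur is not None and (m := RESULT_RE.match(line)):
            cur["status"], cur["return"], cur["repeated"] = (int(x) for x in m.groups())
            calls.append(cur)
            cur = None
        elif cur is not None and (m := ARG_RE.match(line)):
            key, val = m.groups()
            cur["args"][key] = int(val, 0) if NUM_RE.fullmatch(val) else val
        else:
            cur = {"api": line, "args": {}}  # any other bare line starts a new call
    return calls


def rwx_commits(calls):
    """NtAllocateVirtualMemory calls that succeeded and committed writable+executable pages."""
    hits = []
    for c in calls:
        if c["api"] != "NtAllocateVirtualMemory" or c["status"] != 1:
            continue
        a = c["args"]
        if not (a.get("allocation_type", 0) & MEM_COMMIT):
            continue  # reserve-only or other operations never make memory runnable by themselves
        if (a.get("protection", 0) & PROTECTION_MASK) in RWX_PROTECTIONS:
            hits.append({
                "pid": a.get("process_identifier"),
                "self_process": a.get("process_handle") == CURRENT_PROCESS,
                "base": a.get("base_address"),
                "size": a.get("region_size", 0),
            })
    return hits


if __name__ == "__main__":
    for h in rwx_commits(parse_trace(SAMPLE_TRACE)):
        print(f"pid {h['pid']}: RWX commit of {h['size']} bytes at 0x{h['base']:08x} "
              f"in {'its own' if h['self_process'] else 'another'} process")
```

Run stand-alone it reports both 4 KB commits in process 2552 as self-process RWX allocations. A remote target (a real handle instead of 0xffffffff) would be the more alarming variant, which is why the flag is kept separate rather than folded into a single score.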
Antivirus results (vendor, detection name):

Lionic Trojan.Script.Powercat.4!c
Cynet Malicious (score: 99)
CAT-QuickHeal PS1.Powercat.44782
Skyhigh BehavesLike.PS.Suspicious.nn
ALYac Trojan.PowerShell.Agent
VIPRE Application.Generic.3367247
Sangfor Trojan.Generic-PS.Save.ccf7f650
Arcabit Application.Generic.D33614F
VirIT Trojan.PS.PowerCat.BEZ
Symantec Trojan.Malscript
ESET-NOD32 PowerShell/ReverseShell.DR
TrendMicro-HouseCall HackTool.PS1.PowerCat.A
McAfee PS/Agent.dr
Avast PwrSh:Agent-H [Trj]
ClamAV Win.Trojan.Powercat-9840812-0
Kaspersky HEUR:Trojan.PowerShell.Generic
BitDefender Application.Generic.3367247
MicroWorld-eScan Application.Generic.3367247
Rising Backdoor.Powercat!8.114F9 (TOPIS:E0:R74ku7BSMbI)
Emsisoft Application.Generic.3367247 (B)
F-Secure Trojan.TR/PShell.Powcat.G
DrWeb Tool.PowerCat.1
TrendMicro HackTool.PS1.PowerCat.A
FireEye Application.Generic.3367247
Sophos ATK/PowerCat-A
Ikarus Backdoor.PowerShell.Powercat
Google Detected
Avira TR/PShell.Powcat.G
MAX malware (ai score=99)
Xcitium ApplicUnwnt@#2sxtk5xyp1zpq
Microsoft Backdoor:PowerShell/Powercat.A
ViRobot Trojan.Win.S.PowerShell.37667
ZoneAlarm HEUR:Trojan.PowerShell.Generic
GData PowerShell.Trojan.Powercat.A
Varist PSH/PowerCat.A
AhnLab-V3 Trojan/PowerShell.Powercat.S1567
Tencent Win32.Trojan.Generic.Zylw
huorong Backdoor/PS.Powercat.a
Fortinet Riskware/PowerCat
AVG PwrSh:Agent-H [Trj]
alibabacloud Backdoor:Win/ReverseShell.DV
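The 41 vendor names above use different taxonomies (Trojan, Backdoor, HackTool, Riskware, Application.Generic), so a practitioner usually wants a quick family-name consensus rather than a row-by-row read. The following Python is an added example, not part of the ZeroBOX report or any vendor's tooling: it tokenizes the labels, drops type and platform words, merges the spelling variant Powcat (F-Secure, Avira) into Powercat, which is this example's own assumption about those two names, and counts how many vendors name each family. The table is embedded as a constructed copy of the rows above; the STOP list and ALIASES map are choices made for this example.

```python
"""Family-name consensus from a multi-vendor antivirus table.

Added example, not part of the sandbox report. SAMPLE_AV is a constructed copy of
the vendor table above; STOP and ALIASES are this example's own choices.
"""
import re
from collections import Counter

# Words that describe type or platform rather than a family (assumed stop list).
STOP = {"trojan", "generic", "application", "malicious", "malware", "detected", "score",
        "backdoor", "hacktool", "tool", "riskware", "agent", "script", "powershell",
        "pshell", "win", "win32", "heur", "behaveslike", "suspicious"}
# Vendor spelling variants of one family (assumption for this table).
ALIASES = {"powcat": "powercat"}

SAMPLE_AV = """\
Lionic Trojan.Script.Powercat.4!c
Cynet Malicious (score: 99)
CAT-QuickHeal PS1.Powercat.44782
Skyhigh BehavesLike.PS.Suspicious.nn
ALYac Trojan.PowerShell.Agent
VIPRE Application.Generic.3367247
Sangfor Trojan.Generic-PS.Save.ccf7f650
Arcabit Application.Generic.D33614F
VirIT Trojan.PS.PowerCat.BEZ
Symantec Trojan.Malscript
ESET-NOD32 PowerShell/ReverseShell.DR
TrendMicro-HouseCall HackTool.PS1.PowerCat.A
McAfee PS/Agent.dr
Avast PwrSh:Agent-H [Trj]
ClamAV Win.Trojan.Powercat-9840812-0
Kaspersky HEUR:Trojan.PowerShell.Generic
BitDefender Application.Generic.3367247
MicroWorld-eScan Application.Generic.3367247
Rising Backdoor.Powercat!8.114F9 (TOPIS:E0:R74ku7BSMbI)
Emsisoft Application.Generic.3367247 (B)
F-Secure Trojan.TR/PShell.Powcat.G
DrWeb Tool.PowerCat.1
TrendMicro HackTool.PS1.PowerCat.A
FireEye Application.Generic.3367247
Sophos ATK/PowerCat-A
Ikarus Backdoor.PowerShell.Powercat
Google Detected
Avira TR/PShell.Powcat.G
MAX malware (ai score=99)
Xcitium ApplicUnwnt@#2sxtk5xyp1zpq
Microsoft Backdoor:PowerShell/Powercat.A
ViRobot Trojan.Win.S.PowerShell.37667
ZoneAlarm HEUR:Trojan.PowerShell.Generic
GData PowerShell.Trojan.Powercat.A
Varist PSH/PowerCat.A
AhnLab-V3 Trojan/PowerShell.Powercat.S1567
Tencent Win32.Trojan.Generic.Zylw
huorong Backdoor/PS.Powercat.a
Fortinet Riskware/PowerCat
AVG PwrSh:Agent-H [Trj]
alibabacloud Backdoor:Win/ReverseShell.DV
"""


def vendor_labels(text):
    """Map vendor -> detection label; the vendor is the first whitespace-delimited token."""
    labels = {}
    for line in text.splitlines():
        if line.strip():
            vendor, _, label = line.strip().partition(" ")
            labels[vendor] = label
    return labels


def family_tokens(label):
    """Candidate family tokens of one label: lower-cased, aliased, no short suffixes or numbers."""
    toks = set()
    for tok in re.findall(r"[a-z0-9]+", label.lower()):
        tok = ALIASES.get(tok, tok)
        if len(tok) > 3 and not tok.isdigit() and tok not in STOP:
            toks.add(tok)
    return toks


def family_votes(labels):
    """Count, per candidate token, how many vendors mention it (at most once per vendor)."""
    votes = Counter()
    for label in labels.values():
        votes.update(family_tokens(label))
    return votes


def consensus(labels, min_share=0.25):
    """Most-voted token, reported as agreed only if at least min_share of vendors name it."""
    votes = family_votes(labels)
    if not votes:
        return {"family": None, "votes": 0, "vendors": len(labels), "agreed": False}
    family, n = votes.most_common(1)[0]
    return {"family": family, "votes": n, "vendors": len(labels),
            "agreed": n / len(labels) >= min_share}


if __name__ == "__main__":
    r = consensus(vendor_labels(SAMPLE_AV))
    print(f"{r['votes']}/{r['vendors']} vendors name {r['family']!r} (agreed={r['agreed']})")
```

On this table the script resolves to powercat named by 18 of 41 vendors, with reverseshell (ESET-NOD32, alibabacloud) a distant second; the generic labels contribute nothing once type and platform words are removed. The alias map is the step to audit when reusing this on another sample, since merging two tokens that are not the same family would manufacture agreement.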