63203d5fa490ac4467049929bfce158a940cf325c09231c0db88a836ddb3ffd5

Analysis

Target

index.ps1
Size

1.3MB
MD5

d57fbade6e2181198807bbc31b115e3a
SHA1

2c3a54dfb9d23cadacd17d707e911a021b4e53ef
SHA256

63203d5fa490ac4467049929bfce158a940cf325c09231c0db88a836ddb3ffd5
SHA512

a063042a68f7c17e4e3afbeb0a707b497fc2779e2644a2d7fb9d850469a7be086e1a29325cf725ce4c1536eedcbe7e4790ca015020f0903925952fcfab95fd1a

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

Processes:

powershell.exe

pid process

528 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 528 powershell.exe

pid	process
528	powershell.exe

description	pid	process
Token: SeDebugPrivilege	528	powershell.exe

memory/528-54-0x000007FEFBEE1000-0x000007FEFBEE3000-memory.dmp

Filesize
8KB

Download
memory/528-55-0x000007FEF2FB0000-0x000007FEF3B0D000-memory.dmp

Filesize
11.4MB

Download
memory/528-57-0x0000000002800000-0x0000000002802000-memory.dmp

Filesize
8KB

Download
memory/528-56-0x000007FEF56DE000-0x000007FEF56DF000-memory.dmp

Filesize
4KB

Download
memory/528-58-0x0000000002802000-0x0000000002804000-memory.dmp

Filesize
8KB

Download
memory/528-59-0x0000000002804000-0x0000000002807000-memory.dmp

Filesize
12KB

Download
memory/528-60-0x000000000280B000-0x000000000282A000-memory.dmp

Filesize
124KB

Download