Overview

overview

8

Static

static

SpotX-Win-...rt.ps1

windows10-1703-x64

1

SpotX-Win-...tt.txt

windows10-1703-x64

1

SpotX-Win-...ll.bat

windows10-1703-x64

8

SpotX-Win-...ll.ps1

windows10-1703-x64

8

SpotX-Win-...to.bat

windows10-1703-x64

8

SpotX-Win-...ic.bat

windows10-1703-x64

8

SpotX-Win-...em.bat

windows10-1703-x64

8

SpotX-Win-...fy.ps1

windows10-1703-x64

1

SpotX-Win-...ru.ps1

windows10-1703-x64

1

SpotX-Win-...ow.vbs

windows10-1703-x64

3

SpotX-Win-...ps.bat

windows10-1703-x64

3

SpotX-Win-...de.ps1

windows10-1703-x64

1

SpotX-Win-...en.ps1

windows10-1703-x64

1

SpotX-Win-...es.ps1

windows10-1703-x64

1

SpotX-Win-...fa.ps1

windows10-1703-x64

1

SpotX-Win-...fr.ps1

windows10-1703-x64

1

SpotX-Win-...hi.ps1

windows10-1703-x64

1

SpotX-Win-...hu.ps1

windows10-1703-x64

1

SpotX-Win-...id.ps1

windows10-1703-x64

1

SpotX-Win-...it.ps1

windows10-1703-x64

1

SpotX-Win-...ka.ps1

windows10-1703-x64

1

SpotX-Win-...ko.ps1

windows10-1703-x64

1

SpotX-Win-...pl.ps1

windows10-1703-x64

1

SpotX-Win-...pt.ps1

windows10-1703-x64

1

SpotX-Win-...ro.ps1

windows10-1703-x64

1

SpotX-Win-...ru.ps1

windows10-1703-x64

1

SpotX-Win-...tr.ps1

windows10-1703-x64

1

SpotX-Win-...ua.ps1

windows10-1703-x64

1

SpotX-Win-...vi.ps1

windows10-1703-x64

1

SpotX-Win-...zh.ps1

windows10-1703-x64

1

Analysis

  • max time kernel
    0s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-es
  • resource tags

    arch:x64arch:x86image:win10-20220901-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    04/01/2023, 13:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SpotX-Win-main/.github/ISSUE_TEMPLATE/bug_report.ps1

  • Size

    2KB

  • MD5

    6259f5c5e7aea4c23cc960e2b89602b0

  • SHA1

    02b5163640b08a11f89ee819a2db35ac6778765b

  • SHA256

    4092eaa0fd3125ac217c5be7e9d6ab92c9a56fa63f9db14f8d068ff32e4eeaf4

  • SHA512

    c5bead3385a86fab7b705cbe70fa70f058d7ba5688b80c76a5cbbe4ac718a9b0b8c849aba94ec7175ec0f51c34eaca045c35c4cd4d3d999a9d46a3e0b76559b5

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\SpotX-Win-main\.github\ISSUE_TEMPLATE\bug_report.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2856

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2856-124-0x0000027326F10000-0x0000027326F92000-memory.dmp

    Filesize

    520KB

    Download

  • memory/2856-125-0x000002730EAD0000-0x000002730EAF2000-memory.dmp

    Filesize

    136KB

    Download

  • memory/2856-126-0x000002730EAB0000-0x000002730EAC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2856-127-0x00000273271B0000-0x00000273272B2000-memory.dmp

    Filesize

    1.0MB

    Download