Analysis

  • max time kernel
    0s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-es
  • resource tags

    arch:x64, arch:x86, image:win10-20220812-es, locale:es-es, os:windows10-1703-x64, system:windows
  • submitted
    04-01-2023 13:57

General

  • Target

    SpotX-Win-main/scripts/installer-lang/id.ps1

  • Size

    3KB

  • MD5

    018e568bb25c117fb38a33a9cd751b39

  • SHA1

    8d032097acfe0256c44cb2f1fdc3331d368d46ee

  • SHA256

    91c857bda308e8ff0cb89580bd332a36a09a13234490ba4f76152becc3f8f9c0

  • SHA512

    26e8995706d3482e979d4be69db8b8d4eed8e9addf57c34a9c7d2222eba24cd0089a119ca21eb4ff687a8df578af28f0323c41543a0fe0ecffbacdc4ce50188e

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\SpotX-Win-main\scripts\installer-lang\id.ps1
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:3780

Network

MITRE ATT&CK Matrix

Downloads

  • memory/3780-120-0x000002497B1E0000-0x000002497B262000-memory.dmp

    Filesize

    520KB

  • memory/3780-121-0x000002497ABF0000-0x000002497AC00000-memory.dmp

    Filesize

    64KB

  • memory/3780-123-0x000002497B140000-0x000002497B162000-memory.dmp

    Filesize

    136KB

  • memory/3780-124-0x000002497BD10000-0x000002497BE12000-memory.dmp

    Filesize

    1.0MB

  • memory/3780-127-0x000002497BEA0000-0x000002497BF16000-memory.dmp

    Filesize

    472KB