47dd3b96d620554569a957c1571b202f224a6ba2432cee71530613e1743fc0ac

Analysis

max time kernel
372s
max time network
867s
platform
windows10-1703_x64
resource
win10-20220812-es
resource tags

arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
submitted
04/01/2023, 13:57

Target

SpotX-Win-main/scripts/installer-lang/ka.ps1
Size

7KB
MD5

90bd5a72fcd06fab8acc4c936d073ead
SHA1

8a49629e46bdcefa6284933393cb7f4d7a221b16
SHA256

99215f0a3ee4b25b0406e1fc6aee4df73d3b2e77e5b5748dc040b33c497577c6
SHA512

e0e1a6685311d0cb5d576cbe73d99e93c83358ba8bc2aa27036bd4ab712856ebf4f79650576bb9df403513791494559b6ef74f4bd36f82088e7e6b782a424981
SSDEEP

192:KM0r0dO7KpkWMxACMLRZ4eRuoX913hE9W2/PWxwNVhr2fsj1Cn4w2BEr0Qabair9:KM0Ydnk0tK2B4WARajoMo

Score

1^/10

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3996	powershell.exe

memory/3996-120-0x000001CA65F90000-0x000001CA66012000-memory.dmp

Filesize
520KB

Download
memory/3996-122-0x000001CA4DA00000-0x000001CA4DA10000-memory.dmp

Filesize
64KB

Download
memory/3996-123-0x000001CA65F30000-0x000001CA65F52000-memory.dmp

Filesize
136KB

Download
memory/3996-124-0x000001CA66AA0000-0x000001CA66BA2000-memory.dmp

Filesize
1.0MB

Download
memory/3996-127-0x000001CA66BB0000-0x000001CA66C26000-memory.dmp

Filesize
472KB

Download