Overview

overview

8

Static

static

SpotX-Win-...rt.ps1

windows10-1703-x64

1

SpotX-Win-...tt.txt

windows10-1703-x64

1

SpotX-Win-...ll.bat

windows10-1703-x64

8

SpotX-Win-...ll.ps1

windows10-1703-x64

8

SpotX-Win-...to.bat

windows10-1703-x64

8

SpotX-Win-...ic.bat

windows10-1703-x64

8

SpotX-Win-...em.bat

windows10-1703-x64

8

SpotX-Win-...fy.ps1

windows10-1703-x64

1

SpotX-Win-...ru.ps1

windows10-1703-x64

1

SpotX-Win-...ow.vbs

windows10-1703-x64

3

SpotX-Win-...ps.bat

windows10-1703-x64

3

SpotX-Win-...de.ps1

windows10-1703-x64

1

SpotX-Win-...en.ps1

windows10-1703-x64

1

SpotX-Win-...es.ps1

windows10-1703-x64

1

SpotX-Win-...fa.ps1

windows10-1703-x64

1

SpotX-Win-...fr.ps1

windows10-1703-x64

1

SpotX-Win-...hi.ps1

windows10-1703-x64

1

SpotX-Win-...hu.ps1

windows10-1703-x64

1

SpotX-Win-...id.ps1

windows10-1703-x64

1

SpotX-Win-...it.ps1

windows10-1703-x64

1

SpotX-Win-...ka.ps1

windows10-1703-x64

1

SpotX-Win-...ko.ps1

windows10-1703-x64

1

SpotX-Win-...pl.ps1

windows10-1703-x64

1

SpotX-Win-...pt.ps1

windows10-1703-x64

1

SpotX-Win-...ro.ps1

windows10-1703-x64

1

SpotX-Win-...ru.ps1

windows10-1703-x64

1

SpotX-Win-...tr.ps1

windows10-1703-x64

1

SpotX-Win-...ua.ps1

windows10-1703-x64

1

SpotX-Win-...vi.ps1

windows10-1703-x64

1

SpotX-Win-...zh.ps1

windows10-1703-x64

1

Analysis

  • max time kernel
    374s
  • max time network
    867s
  • platform
    windows10-1703_x64
  • resource
    win10-20220812-es
  • resource tags

    arch:x64arch:x86image:win10-20220812-eslocale:es-esos:windows10-1703-x64systemwindows
  • submitted
    04-01-2023 13:57

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SpotX-Win-main/scripts/installer-lang/vi.ps1

  • Size

    4KB

  • MD5

    a1b336aaa38c0f7141d031ca4c7bb8f2

  • SHA1

    9ad442d0b4524171f8e348ea4c5cae6c3b41c2d2

  • SHA256

    56feebe539cb38d2bfc3d35b832eca8062a55dcd7308416cb2ce4db937cf87ec

  • SHA512

    b6238d959fd7cf7dbe16c087e9759c2aaee6bf7f43f1a8e7bb315be66bf2527b9cfff8e457a043d2ac56e8694965cd0a6bd9914fd7676391c14254b9584810c0

  • SSDEEP

    96:7RM8wfTushuskHq/FtXDDvIIjncOULJEP6FKm3kIoCek2/aeZVzSoYJLqChBX:tMFHLkOVvz1uf0D/R1eLqChBX

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\SpotX-Win-main\scripts\installer-lang\vi.ps1
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4400

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4400-119-0x000002CC55A70000-0x000002CC55AF2000-memory.dmp

    Filesize

    520KB

    Download

  • memory/4400-120-0x000002CC559E0000-0x000002CC55A02000-memory.dmp

    Filesize

    136KB

    Download

  • memory/4400-121-0x000002CC3D470000-0x000002CC3D480000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4400-122-0x000002CC55D10000-0x000002CC55E12000-memory.dmp

    Filesize

    1.0MB

    Download

  • memory/4400-125-0x000002CC55EA0000-0x000002CC55F16000-memory.dmp

    Filesize

    472KB

    Download