bb943a4b69a11e38ae79651edb071f57da2c9989d6b840eae5efcd4e722d774d

Analysis

max time kernel
1591s
max time network
1595s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
26-03-2023 13:15

Target

Spotify/Block/install.ps1
Size

4KB
MD5

d6391efb89ccc420774799bb0185e609
SHA1

63d2b12fad84b0391cbfe00b485261f9d76ec139
SHA256

0930f42793685aaa781840f88b91b8115ad3787ebb394f29799b8266fc422eb1
SHA512

114f133f766ee0e3eebd238dfc805223f45784313ada4eb66f1e1769074cefd19bf7fedce1ede7a505e9082679678c29cab0a74ff952fa8baf58e372bb6f9435
SSDEEP

96:LwehM7b5L50xpkc6IGKcLfLpUyPsNZuy3eW22Nx6YJ:LwrbR50xpG1btEZuGNoYJ

Score

8^/10

Blocklisted process makes network request 2 IoCs

Processes:

powershell.exe

flow pid process

4 1984 powershell.exe
5 1984 powershell.exe
Suspicious behavior: EnumeratesProcesses 3 IoCs

Processes:

powershell.exe

pid process

1984 powershell.exe
1984 powershell.exe
1984 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 1984 powershell.exe

flow	pid	process
4	1984	powershell.exe
5	1984	powershell.exe

description	pid	process
Token: SeDebugPrivilege	1984	powershell.exe

memory/1984-58-0x000000001B290000-0x000000001B572000-memory.dmp

Filesize
2.9MB

Download
memory/1984-59-0x0000000001F40000-0x0000000001F48000-memory.dmp

Filesize
32KB

Download
memory/1984-60-0x0000000001F50000-0x0000000001FD0000-memory.dmp

Filesize
512KB

Download
memory/1984-61-0x0000000001F50000-0x0000000001FD0000-memory.dmp

Filesize
512KB

Download
memory/1984-62-0x0000000001F50000-0x0000000001FD0000-memory.dmp

Filesize
512KB

Download
memory/1984-63-0x0000000001F50000-0x0000000001FD0000-memory.dmp

Filesize
512KB

Download
memory/1984-64-0x0000000001F50000-0x0000000001FD0000-memory.dmp

Filesize
512KB

Download
memory/1984-65-0x0000000001F50000-0x0000000001FD0000-memory.dmp

Filesize
512KB

Download