af345cbcd20d7ae664d369ca78acb95f0768b4b5c5c036a6a4a55ae09059ea79

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
07/11/2023, 14:20

Target

tqtc-qt5-everywhere-src-5.15.5/coin/pre-provisioning/qtci-windows-10-x86_64/disable-clean-manager.ps1
Size

446B
MD5

2a0b01b12a8a9b4d37f57105afa1c6f1
SHA1

4e435bfdd6a02da0d48f2d4f0978186e0d135e90
SHA256

58e6f37ccb48fbece32ad68746a3db2d1982b18e701856f25f64cbdafe2a8293
SHA512

e3d3ac72c04be3d931686581806903c527d3439da3fa73c453702656381caf27fc58defc5abb97f70015ca246a0f878c633cd177f09a34e565898e7ed00b1390

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1720	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1720	powershell.exe

memory/1720-4-0x000000001B3B0000-0x000000001B692000-memory.dmp

Filesize
2.9MB

Download
memory/1720-5-0x0000000002490000-0x0000000002498000-memory.dmp

Filesize
32KB

Download
memory/1720-7-0x00000000024B0000-0x0000000002530000-memory.dmp

Filesize
512KB

Download
memory/1720-8-0x00000000024B0000-0x0000000002530000-memory.dmp

Filesize
512KB

Download
memory/1720-9-0x00000000024B0000-0x0000000002530000-memory.dmp

Filesize
512KB

Download
memory/1720-6-0x000007FEF51B0000-0x000007FEF5B4D000-memory.dmp

Filesize
9.6MB

Download
memory/1720-10-0x000007FEF51B0000-0x000007FEF5B4D000-memory.dmp

Filesize
9.6MB

Download
memory/1720-11-0x00000000024B0000-0x0000000002530000-memory.dmp

Filesize
512KB

Download
memory/1720-12-0x000007FEF51B0000-0x000007FEF5B4D000-memory.dmp

Filesize
9.6MB

Download