FlorianSLZ / IntuneWin32Deployer

Create and deploy winget and chocolatey (win32) apps to Intune with one click!
GNU General Public License v3.0

Possible Keylogger Indicated by Falcon Sandbox #25

Open amandarino-tei opened 2 months ago

amandarino-tei commented 2 months ago

Falcon Sandbox indicates a possible keylogger: http://www.hybrid-analysis.com/sample/6b3bca249c7e8b8b8daddf4b7f6bf250a1274b0ce4e05ac156592ce9b7339ea6/66e09b02b26e9228260f9ad2

mechanysm commented 3 weeks ago

@amandarino-tei You may want to investigate the detection a little more before submitting an issue.

From the link you provided, the details say: "sample.bin" contains indicator "[ENTER]" (Line: 64; Offset: 17)

Line 64 of the file "INSTALL_IntuneWin32Deployer.ps1" (which hybrid-analysis refers to as sample.bin) is: Read-Host "Press [Enter] to close"

So very much a false positive, especially given "[Enter]" is only one indicator and a weak indicator on its own.

Maintainer should close this issue and likely related issue #23 as without more context it appears to be the same false positive.
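The triage step described in the reply above (take the sandbox's "indicator at Line N, Offset M" hit, open the script, and look at what surrounds it) can be scripted. The following is an added example for this thread, not code from the IntuneWin32Deployer project or from Falcon Sandbox: it scans a PowerShell file for a small, assumed list of keylogger-style string indicators, reports each hit with its line and offset, and then classifies the hit by context. A hit that sits inside a string literal passed to a console prompt or output cmdlet such as Read-Host or Write-Host is reported as a weak, prompt-text match; a hit in bare code (an API name like GetAsyncKeyState) is not. Both sample scripts are constructed for this example; the first reuses the Read-Host line quoted above, the second is a deliberately keylogger-shaped line for contrast. The indicator list and the cmdlet list are assumptions, not the sandbox's real rules.

```python
"""Re-check a sandbox string-indicator hit against PowerShell source context.

Added example for this issue thread; not part of IntuneWin32Deployer.
"""
import re

# Constructed stand-in for an installer script; the Read-Host line is the
# one quoted in the thread. Not the real INSTALL_IntuneWin32Deployer.ps1.
SAMPLE_SCRIPT = """\
# constructed installer stub
$module = "IntuneWin32App"
Write-Host "Installing $module"
Install-Module -Name $module -Force
Read-Host "Press [Enter] to close"
"""

# Constructed contrast case: a keylogger-shaped line where "[ENTER]" is
# appended to a buffer next to a keyboard-state API call.
SUSPICIOUS_SNIPPET = """\
$vk = 0x0D
if ([Win32]::GetAsyncKeyState($vk) -band 0x8000) { $log += "[ENTER]" }
"""

# Assumed indicator list; the sandbox's real rule set is not on the page.
INDICATORS = ["[ENTER]", "[BACKSPACE]", "GetAsyncKeyState", "SetWindowsHookEx"]

# Cmdlets whose string argument is console text shown to the user.
PROMPT_CMDLETS = ("Read-Host", "Write-Host", "Write-Output", "Write-Warning")

# PowerShell string literals: "..." with backtick escapes, or '...' with '' escapes.
STRING_RE = re.compile(r'"(?:`.|[^"`])*"' + r"|'(?:''|[^'])*'")


def find_indicators(text, indicators=INDICATORS):
    """Case-insensitive substring scan.

    Returns (indicator, line, offset) tuples with a 1-based line number and a
    0-based column offset, the same shape as the sandbox's "Line: N; Offset: M".
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        low = line.lower()
        for ind in indicators:
            start = 0
            while True:
                pos = low.find(ind.lower(), start)
                if pos < 0:
                    break
                hits.append((ind, lineno, pos))
                start = pos + 1
    return hits


def classify_hit(line, offset):
    """Classify where on the line the hit lands.

    'prompt-string': inside a string literal that is an argument to a
                     console prompt/output cmdlet (weak indicator)
    'string':        inside any other string literal
    'code':          not inside a string literal at all (e.g. an API name)
    """
    for m in STRING_RE.finditer(line):
        if m.start() <= offset < m.end():
            before = line[: m.start()]
            if any(re.search(r"\b" + re.escape(c) + r"\b", before, re.I)
                   for c in PROMPT_CMDLETS):
                return "prompt-string"
            return "string"
    return "code"


def triage(text):
    """Return one dict per indicator hit with its line, offset, context and source."""
    lines = text.splitlines()
    results = []
    for ind, lineno, offset in find_indicators(text):
        src = lines[lineno - 1]
        results.append({
            "indicator": ind,
            "line": lineno,
            "offset": offset,
            "context": classify_hit(src, offset),
            "source": src.strip(),
        })
    return results


def verdict(results):
    """Summarise: every hit inside console prompt text -> likely false positive."""
    if not results:
        return "no indicators"
    if all(r["context"] == "prompt-string" for r in results):
        return "likely false positive"
    return "needs review"


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_SCRIPT), ("suspicious", SUSPICIOUS_SNIPPET)):
        hits = triage(text)
        print(f"== {name}: {verdict(hits)}")
        for h in hits:
            print(f'  {h["indicator"]!r} (Line: {h["line"]}; Offset: {h["offset"]}) '
                  f'[{h["context"]}] {h["source"]}')
```

Run against the constructed installer stub, the only hit is "[ENTER]" at line 5, offset 17, inside the Read-Host prompt string, so the script reports it as a likely false positive; the same substring in the contrast snippet lands in a buffer-append string beside a GetAsyncKeyState call and is flagged for review. The point is not that Read-Host proves innocence, but that a lone string match has to be read in context before it is treated as a keylogger indicator.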