f4d7b00f420869bd0a601d27c81de30ec79ea4c40c98ca11a1699992eb0dd6d6

Analysis

max time kernel
163s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 05:51

Target

f4d7b00f420869bd0a601d27c81de30ec79ea4c40c98ca11a1699992eb0dd6d6.exe
Size

2.1MB
MD5

6e7b737e370f52f40a3aaf5176881322
SHA1

ceca1ffabe78a831fc74815bc397fbad0be38952
SHA256

f4d7b00f420869bd0a601d27c81de30ec79ea4c40c98ca11a1699992eb0dd6d6
SHA512

35b5f4470210adc4bc381e9817893d2c57009e1efa7c7872d20a12b7d5cc892d347b1d9f582dde2b795d007d5f221bfd7b4568e322a4ca21654338399bf4f469
SSDEEP

24576:/Pdg79Z8E5meloEhCN66zJWQjgbAs4V61nHxVi5sOoCo3dGX8/X0v4Bi7iGYa/jH:NC0JEIN66TKmV6RViSFfkqiO20eR5nl

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\et1\hosts	f4d7b00f420869bd0a601d27c81de30ec79ea4c40c98ca11a1699992eb0dd6d6.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
812	f4d7b00f420869bd0a601d27c81de30ec79ea4c40c98ca11a1699992eb0dd6d6.exe
812	f4d7b00f420869bd0a601d27c81de30ec79ea4c40c98ca11a1699992eb0dd6d6.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	812	f4d7b00f420869bd0a601d27c81de30ec79ea4c40c98ca11a1699992eb0dd6d6.exe

memory/812-132-0x0000000000100000-0x00000000009D2D8A-memory.dmp

Filesize
8.8MB

Download
memory/812-133-0x0000000000100000-0x00000000009D2D8A-memory.dmp

Filesize
8.8MB

Download