ce824d6210e678b8df7985f6b81e09e18835b3b316f7df2e6e08fb17a48dd833

Analysis

max time kernel
31s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
18-12-2022 13:36

Target

moonspoofer-main/moonspoofer/publikuj/Application Files/MoonSpoofer_1_0_0_26/MoonSpoofer.exe
Size

367KB
MD5

c12a0e244da07ce09ccc160f2bc8fbcf
SHA1

551a982795bc354ee1d04d83c06ad718f9f06048
SHA256

b3aa733289b64e3c789fc997bd07c88d29b31fddca482dcd49a2ffe889b8719a
SHA512

238a69f1201987532bc8abbd96d7fb9759ad618890fc79d2c934b90ad05d67b9243cef225d5cd6978f0518a2600207887d457ccec6eae5e6f26bc2334a2f2fbd
SSDEEP

6144:YXnxbPLaA9v7xpKpLo/3Ew/uo27pUogiDsZAEw/uo2uEw/uo2uEw/uo23ja0L:8Ws0K527lsZK52hK52hK52Ta0L

Score

1^/10

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
4668	timeout.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4948	MoonSpoofer.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 4152	4948	MoonSpoofer.exe	82
PID 4948 wrote to memory of 4152	4948	MoonSpoofer.exe	82
PID 4948 wrote to memory of 4152	4948	MoonSpoofer.exe	82
PID 4152 wrote to memory of 1360	4152	cmd.exe	84
PID 4152 wrote to memory of 1360	4152	cmd.exe	84
PID 4152 wrote to memory of 1360	4152	cmd.exe	84
PID 1360 wrote to memory of 4668	1360	cmd.exe	86
PID 1360 wrote to memory of 4668	1360	cmd.exe	86
PID 1360 wrote to memory of 4668	1360	cmd.exe	86

memory/1360-140-0x0000000000000000-mapping.dmp

Download
memory/4152-139-0x0000000000000000-mapping.dmp

Download
memory/4668-141-0x0000000000000000-mapping.dmp

Download
memory/4948-132-0x00000000001E0000-0x0000000000240000-memory.dmp

Filesize
384KB

Download
memory/4948-133-0x0000000005120000-0x00000000056C4000-memory.dmp

Filesize
5.6MB

Download
memory/4948-134-0x0000000004A80000-0x0000000004B12000-memory.dmp

Filesize
584KB

Download
memory/4948-135-0x0000000004B40000-0x0000000004B4A000-memory.dmp

Filesize
40KB

Download
memory/4948-136-0x0000000004EA0000-0x0000000004FEE000-memory.dmp

Filesize
1.3MB

Download
memory/4948-137-0x0000000005C00000-0x0000000005FC0000-memory.dmp

Filesize
3.8MB

Download
memory/4948-138-0x0000000009050000-0x0000000009062000-memory.dmp

Filesize
72KB

Download