ce824d6210e678b8df7985f6b81e09e18835b3b316f7df2e6e08fb17a48dd833

Analysis

max time kernel
29s
max time network
47s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
18/12/2022, 13:36

Target

moonspoofer-main/moonspoofer/publikuj/Application Files/UranSpoofer_1_0_0_6/UranSpoofer.exe
Size

212KB
MD5

31adedb56dae561a4b71e13113ffe802
SHA1

5083f6ce5815f6c0585fa92952528532b60e3e19
SHA256

e402a2b9f03a5d7b9d136b050b78746e3829c8590e0e27d48f2bca9c72b8059e
SHA512

623aab2180ac991f5dc350f964d738b102833c92f3d38887ac028de23d6303474959e4d06f3d886724c40ae86a51e4d2f582fc4e83fc42e6f6a421f413e97cb3
SSDEEP

6144:nfIblRIAV/MgltzPVVlm6L/6GnVUGB1dI7HlyV6GnVY6GnVYG:fq/VvDV7mY/6mUCW06mY6m/

Score

1^/10

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
3092	timeout.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4988	UranSpoofer.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4988 wrote to memory of 2068	4988	UranSpoofer.exe	81
PID 4988 wrote to memory of 2068	4988	UranSpoofer.exe	81
PID 4988 wrote to memory of 2068	4988	UranSpoofer.exe	81
PID 2068 wrote to memory of 428	2068	cmd.exe	83
PID 2068 wrote to memory of 428	2068	cmd.exe	83
PID 2068 wrote to memory of 428	2068	cmd.exe	83
PID 428 wrote to memory of 3092	428	cmd.exe	85
PID 428 wrote to memory of 3092	428	cmd.exe	85
PID 428 wrote to memory of 3092	428	cmd.exe	85

memory/4988-132-0x0000000000280000-0x00000000002BA000-memory.dmp

Filesize
232KB

Download
memory/4988-133-0x0000000005250000-0x00000000057F4000-memory.dmp

Filesize
5.6MB

Download
memory/4988-134-0x0000000004CA0000-0x0000000004D32000-memory.dmp

Filesize
584KB

Download
memory/4988-135-0x0000000004C00000-0x0000000004C12000-memory.dmp

Filesize
72KB

Download
memory/4988-136-0x0000000004C80000-0x0000000004C8A000-memory.dmp

Filesize
40KB

Download
memory/4988-137-0x00000000050F0000-0x000000000523E000-memory.dmp

Filesize
1.3MB

Download
memory/4988-138-0x0000000005DC0000-0x0000000006180000-memory.dmp

Filesize
3.8MB

Download