6a0f48c1675f0f99f319886f30fcf42992891c56f17f125267931ed5f14f2b71

Analysis

max time kernel
137s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2023, 08:42

Target

KreYzeSpoofer.exe
Size

34KB
MD5

c9f7bd68ad5a8f35876759735a1d5cf6
SHA1

8d1f3ad11caac273a7ea1711c4fc0300097a07af
SHA256

6a0f48c1675f0f99f319886f30fcf42992891c56f17f125267931ed5f14f2b71
SHA512

0447b08fa6120b3fce5881807016177729e9bd95a603a8d2a1550f1308bd2f331207226f14cdf718302ce6c76f7735788e10e361bb7e1342bf492a315c2a5812
SSDEEP

768:nPBA9UJXDf1D4BrFTwYVi7UYqZbxKjIDoiWXr8pzeVjjtYcFwVc6K:n5qUJXDf1D4BrFlUYY6bxKjIUicr8pzu

Score

4^/10

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\berny.to	KreYzeSpoofer.exe
File opened for modification	C:\Windows\berny.to	KreYzeSpoofer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2564	KreYzeSpoofer.exe

memory/2564-133-0x0000000000990000-0x000000000099E000-memory.dmp

Filesize
56KB

Download
memory/2564-134-0x0000000005240000-0x0000000005252000-memory.dmp

Filesize
72KB

Download
memory/2564-135-0x0000000005290000-0x00000000052A0000-memory.dmp

Filesize
64KB

Download
memory/2564-136-0x0000000005E40000-0x0000000005E7C000-memory.dmp

Filesize
240KB

Download
memory/2564-137-0x0000000005290000-0x00000000052A0000-memory.dmp

Filesize
64KB

Download
memory/2564-139-0x00000000064B0000-0x0000000006A54000-memory.dmp

Filesize
5.6MB

Download