461488dac225040638ea77dc0975f38b2ed72186d3485f800ee613617e3f46c0

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
14/07/2023, 21:24

Target

spoofer.exe
Size

46KB
MD5

8bca0d339dc5406f7b473d2d9d613d8d
SHA1

849f161bbfc3258ad12554bc28b886438fca4b2b
SHA256

461488dac225040638ea77dc0975f38b2ed72186d3485f800ee613617e3f46c0
SHA512

cdb869e4b8b98fb3fc2b210cb1f3744c4febaa91076d25ffa4e388f318253782107320eb95a636e9802c215451f6f0e4ea63dd0f69b466f9c45d21d0d75c6934
SSDEEP

768:2/3ycTl8SgNVbbATYsBdEgBg8nw9IxF5uek7SkqQ9MYmBYc3qeU:2/5+SybAT1ByIxWl7b9CQeU

Score

4^/10

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\IME\NullSMDisk.sys	spoofer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1276	spoofer.exe

memory/1276-54-0x00000000009B0000-0x00000000009C0000-memory.dmp

Filesize
64KB

Download
memory/1276-55-0x00000000747E0000-0x0000000074ECE000-memory.dmp

Filesize
6.9MB

Download
memory/1276-56-0x00000000001F0000-0x0000000000202000-memory.dmp

Filesize
72KB

Download
memory/1276-57-0x0000000000360000-0x0000000000366000-memory.dmp

Filesize
24KB

Download
memory/1276-58-0x0000000004B40000-0x0000000004B80000-memory.dmp

Filesize
256KB

Download
memory/1276-59-0x00000000747E0000-0x0000000074ECE000-memory.dmp

Filesize
6.9MB

Download
memory/1276-60-0x0000000004B40000-0x0000000004B80000-memory.dmp

Filesize
256KB

Download