461488dac225040638ea77dc0975f38b2ed72186d3485f800ee613617e3f46c0

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
01/08/2023, 21:05

Target

spoofer.exe
Size

46KB
MD5

8bca0d339dc5406f7b473d2d9d613d8d
SHA1

849f161bbfc3258ad12554bc28b886438fca4b2b
SHA256

461488dac225040638ea77dc0975f38b2ed72186d3485f800ee613617e3f46c0
SHA512

cdb869e4b8b98fb3fc2b210cb1f3744c4febaa91076d25ffa4e388f318253782107320eb95a636e9802c215451f6f0e4ea63dd0f69b466f9c45d21d0d75c6934
SSDEEP

768:2/3ycTl8SgNVbbATYsBdEgBg8nw9IxF5uek7SkqQ9MYmBYc3qeU:2/5+SybAT1ByIxWl7b9CQeU

Score

4^/10

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\IME\NullSMDisk.sys	spoofer.exe
File created	C:\Windows\DpCl.exe	spoofer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2076	spoofer.exe

memory/2076-54-0x0000000000C40000-0x0000000000C50000-memory.dmp

Filesize
64KB

Download
memory/2076-55-0x0000000074310000-0x00000000749FE000-memory.dmp

Filesize
6.9MB

Download
memory/2076-56-0x0000000000230000-0x0000000000242000-memory.dmp

Filesize
72KB

Download
memory/2076-57-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2076-58-0x00000000049E0000-0x0000000004A20000-memory.dmp

Filesize
256KB

Download
memory/2076-59-0x0000000074310000-0x00000000749FE000-memory.dmp

Filesize
6.9MB

Download
memory/2076-60-0x00000000049E0000-0x0000000004A20000-memory.dmp

Filesize
256KB

Download