a6d0f259b2b73cbdb47725c2e8b229beba7aba0b2881957dd8694128ffe855ef

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 07:47

Target

0ff79b53ba26f6bafc74df98f43671db.exe
Size

2.1MB
MD5

0ff79b53ba26f6bafc74df98f43671db
SHA1

f83382bcb40c81f8eb371ec8560c537eab17d414
SHA256

a6d0f259b2b73cbdb47725c2e8b229beba7aba0b2881957dd8694128ffe855ef
SHA512

613d00636d06997ec218d554b4b40d1cd5cb57c5e411f1d0ea3e493ae7cc3f47aed62cd6036f749ed4661bc22996745221141bd7c3e18523e77abeb4239cd6de
SSDEEP

49152:MkijiS4YGk3s1XnI4beHI9sqgPV+PMetJZGdbaBDVnTMFS9JgMT4/c:6OYi1XnI4io4yM+JZOaxyAJgME/c

Score

8^/10

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\et1\hosts	0ff79b53ba26f6bafc74df98f43671db.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1420	0ff79b53ba26f6bafc74df98f43671db.exe
1420	0ff79b53ba26f6bafc74df98f43671db.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1420	0ff79b53ba26f6bafc74df98f43671db.exe

memory/1420-0-0x0000000000100000-0x00000000007BE000-memory.dmp

Filesize
6.7MB

Download
memory/1420-1-0x0000000000100000-0x00000000007BE000-memory.dmp

Filesize
6.7MB

Download
memory/1420-2-0x0000000000100000-0x00000000007BE000-memory.dmp

Filesize
6.7MB

Download
memory/1420-3-0x0000000000D90000-0x0000000000D91000-memory.dmp

Filesize
4KB

Download
memory/1420-4-0x0000000000100000-0x00000000007BE000-memory.dmp

Filesize
6.7MB

Download
memory/1420-6-0x0000000000D90000-0x0000000000D91000-memory.dmp

Filesize
4KB

Download