Analysis
max time kernel
24s
max time network
18s
platform
windows11-21h2_x64
resource
win11-20240419-en
resource tags
arch:x64, arch:x86, image:win11-20240419-en, locale:en-us, os:windows11-21h2-x64, system
submitted
04/05/2024, 20:08
Static task
static1
Behavioral task
behavioral1
Sample
krnl_bootstrapper.exe
Resource
win11-20240419-en
2 signatures
150 seconds
General
Target
krnl_bootstrapper.exe
Size
1.2MB
MD5
f14153bbd95fc26d9ccea77c49cf09b9
SHA1
cb59f900711ea751c4322b4dab50fa2c0ee70b33
SHA256
27eab496d0b63d52c18cee063110d9d479523b58426bfcb58e420a5cae087c54
SHA512
7f7618cf6f15d85e82cbfff07ca6e1df0aa763d64d6a37fb659f1612b950d16a15b723ec053765e991485e74a7301617019b166dcaa759ed6f1a281a9ebc4ed0
SSDEEP
12288:aBVCrK2jsP3zv+FSF68GANNhWLS0B6L+FOCN+AzrnxdanvzFzho:SU7ecSgL6y+gk+rnxdarFu
Score
1/10
Malware Config
Signatures
Suspicious behavior: EnumeratesProcesses 1 IoCs
pid   Process
1416  krnl_bootstrapper.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
description              pid   Process
Token: SeDebugPrivilege  1416  krnl_bootstrapper.exe