ce2f6e266eab26c92b5451bbdaa069c4bf4a06e8f99be8da0cb29596ac168958

Analysis

max time kernel
91s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
08/05/2024, 16:38

Target

Haze woofer.exe
Size

48KB
MD5

0b989cac59f9575163d5a9c9e2b26b33
SHA1

3fe0a85cb7478f82b9a095c31097c718c30ac386
SHA256

ce2f6e266eab26c92b5451bbdaa069c4bf4a06e8f99be8da0cb29596ac168958
SHA512

f4b6a2b8c9fdbd48fabd5645885cf9552ec23cdd0d88e7202ebf62108a0fec86b3c4cb920c32f7ecd737451e863a94196e2809ebbb4b4bf3ce02512e9d1a4d55
SSDEEP

768:TbTUiTSqQsP8hEvBBp2HUVWNoNbZwAoIsQrjPQXTH9tHUYc3qeU:/TVssP86v80VWKNb6AoIsWj4XTHrHPeU

Score

4^/10

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\INF\.NET CLR Data\0000\nescher_2.exe	Haze woofer.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	828	Haze woofer.exe

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1404

memory/828-0-0x0000000074D4E000-0x0000000074D4F000-memory.dmp

Filesize
4KB

Download
memory/828-1-0x00000000007F0000-0x0000000000802000-memory.dmp

Filesize
72KB

Download
memory/828-2-0x00000000051D0000-0x00000000051E2000-memory.dmp

Filesize
72KB

Download
memory/828-3-0x0000000074D40000-0x00000000754F1000-memory.dmp

Filesize
7.7MB

Download
memory/828-4-0x0000000005C80000-0x0000000005CBC000-memory.dmp

Filesize
240KB

Download
memory/828-5-0x0000000005FC0000-0x0000000006052000-memory.dmp

Filesize
584KB

Download
memory/828-6-0x0000000074D4E000-0x0000000074D4F000-memory.dmp

Filesize
4KB

Download
memory/828-7-0x0000000074D40000-0x00000000754F1000-memory.dmp

Filesize
7.7MB

Download
memory/828-9-0x0000000074D40000-0x00000000754F1000-memory.dmp

Filesize
7.7MB

Download