7e159c9c5977e3b566884198336d55b5982c55b61bdb9f974c1e0b2f80008959

Analysis

max time kernel
133s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
26-07-2024 06:00

Target

xhost.exe
Size

2.1MB
MD5

bf0807d740b9c6ef8b6c7f44bc405bd6
SHA1

674c295911a58598a4cd22ea70362d1d9625a2ac
SHA256

7e159c9c5977e3b566884198336d55b5982c55b61bdb9f974c1e0b2f80008959
SHA512

1c660d22456c5ee2440742ec9f32e9621894b5521396112fed8a771d9249ab445e5f70f60af30de1c91b5e9ec8fabf3094f65d55a80dc4e008eca1ee42b0d2ae
SSDEEP

49152:PWHMtdL0qBnuVj0qh2P/Yu44NWyZwVLbbuygTNkgnBY:PWstV02nuVj0qh2HYu44NWyZwV3buyg2

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3456	xhost.exe
3456	xhost.exe

Suspicious use of AdjustPrivilegeToken 35 IoCs

description	pid	Process
Token: 0	3456	xhost.exe
Token: 1	3456	xhost.exe
Token: SeCreateTokenPrivilege	3456	xhost.exe
Token: SeAssignPrimaryTokenPrivilege	3456	xhost.exe
Token: SeLockMemoryPrivilege	3456	xhost.exe
Token: SeIncreaseQuotaPrivilege	3456	xhost.exe
Token: SeMachineAccountPrivilege	3456	xhost.exe
Token: SeTcbPrivilege	3456	xhost.exe
Token: SeSecurityPrivilege	3456	xhost.exe
Token: SeTakeOwnershipPrivilege	3456	xhost.exe
Token: SeLoadDriverPrivilege	3456	xhost.exe
Token: SeSystemProfilePrivilege	3456	xhost.exe
Token: SeSystemtimePrivilege	3456	xhost.exe
Token: SeProfSingleProcessPrivilege	3456	xhost.exe
Token: SeIncBasePriorityPrivilege	3456	xhost.exe
Token: SeCreatePagefilePrivilege	3456	xhost.exe
Token: SeCreatePermanentPrivilege	3456	xhost.exe
Token: SeBackupPrivilege	3456	xhost.exe
Token: SeRestorePrivilege	3456	xhost.exe
Token: SeShutdownPrivilege	3456	xhost.exe
Token: SeDebugPrivilege	3456	xhost.exe
Token: SeAuditPrivilege	3456	xhost.exe
Token: SeSystemEnvironmentPrivilege	3456	xhost.exe
Token: SeChangeNotifyPrivilege	3456	xhost.exe
Token: SeRemoteShutdownPrivilege	3456	xhost.exe
Token: SeUndockPrivilege	3456	xhost.exe
Token: SeSyncAgentPrivilege	3456	xhost.exe
Token: SeEnableDelegationPrivilege	3456	xhost.exe
Token: SeManageVolumePrivilege	3456	xhost.exe
Token: SeImpersonatePrivilege	3456	xhost.exe
Token: SeCreateGlobalPrivilege	3456	xhost.exe
Token: 31	3456	xhost.exe
Token: 32	3456	xhost.exe
Token: 33	3456	xhost.exe
Token: 34	3456	xhost.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3456	xhost.exe

memory/3456-0-0x00007FFE7928D000-0x00007FFE7928E000-memory.dmp

Filesize
4KB

Download
memory/3456-1-0x00007FFE791F0000-0x00007FFE793E5000-memory.dmp

Filesize
2.0MB

Download
memory/3456-2-0x00007FFE791F0000-0x00007FFE793E5000-memory.dmp

Filesize
2.0MB

Download
memory/3456-3-0x00007FFE791F0000-0x00007FFE793E5000-memory.dmp

Filesize
2.0MB

Download