b8beb5e27fc339772b63ed454ec054a16b554e5c354eab8de7b4addbe238f403

Analysis

max time kernel
93s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2024, 15:15

Target

op/Hazel.exe
Size

8KB
MD5

1ad818406f06d1cb728b5d0f324fb3b5
SHA1

2cedfaef2739f3960194b19e3ee61eeec4820f3e
SHA256

85a6ac13510983b3a29ccb2527679d91c86c1f91fdfee68913bc5d3d01eeda2b
SHA512

4703dc1549cedf09eab7c7862ec340ad0b5750149374a0cb281f5b985e594851a11757966a0f90307937e7a9b19dbdd8e50051142081b81536ea64b5d05c0085
SSDEEP

96:Mj3Er0k4gZJUoWYs9a5O8ng8nK8n6Y+9heuYkUBmaTbkBXBgf6nt3xy72NqNE5TS:MjUr0xgDeodn9n/nD+KL+aTbu1toC3g

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4296	Hazel.exe
4296	Hazel.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4296	Hazel.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4296 wrote to memory of 4588	4296	Hazel.exe	82
PID 4296 wrote to memory of 4588	4296	Hazel.exe	82
PID 4588 wrote to memory of 1540	4588	cmd.exe	84
PID 4588 wrote to memory of 1540	4588	cmd.exe	84
PID 4296 wrote to memory of 2356	4296	Hazel.exe	85
PID 4296 wrote to memory of 2356	4296	Hazel.exe	85

memory/4296-0-0x00007FFC19133000-0x00007FFC19135000-memory.dmp

Filesize
8KB

Download
memory/4296-1-0x00000000002E0000-0x00000000002E8000-memory.dmp

Filesize
32KB

Download
memory/4296-2-0x00007FFC19133000-0x00007FFC19135000-memory.dmp

Filesize
8KB

Download
memory/4296-3-0x00007FFC19130000-0x00007FFC19BF1000-memory.dmp

Filesize
10.8MB

Download
memory/4296-4-0x00007FFC19130000-0x00007FFC19BF1000-memory.dmp

Filesize
10.8MB

Download