93b96a1511a6f2084db207b831e3e072d8e5a4901592db660d456d10e5f618dd

Analysis

Target

ce8db50913eff9d4e600312d7c446b4a.exe
Size

691KB
MD5

ce8db50913eff9d4e600312d7c446b4a
SHA1

6ed1b7efb1acb82b5856824a66b0a70af319109f
SHA256

93b96a1511a6f2084db207b831e3e072d8e5a4901592db660d456d10e5f618dd
SHA512

74f979d6678ab68b6063b8497f37303d41c0f084ee198d0260fd90fc28aa8a1e1cc55a8bcd65cff7c05338bc93e23b33767efa1d0c8974a1a3039916835d05e4

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
556	1556	WerFault.exe	13

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
556	WerFault.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1556	ce8db50913eff9d4e600312d7c446b4a.exe
Token: SeDebugPrivilege	556	WerFault.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1556 wrote to memory of 556	1556	ce8db50913eff9d4e600312d7c446b4a.exe	27
PID 1556 wrote to memory of 556	1556	ce8db50913eff9d4e600312d7c446b4a.exe	27
PID 1556 wrote to memory of 556	1556	ce8db50913eff9d4e600312d7c446b4a.exe	27

memory/556-59-0x000007FEFC2D1000-0x000007FEFC2D3000-memory.dmp

Filesize
8KB

Download
memory/556-60-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1556-54-0x000000013F5C0000-0x000000013F672000-memory.dmp

Filesize
712KB

Download
memory/1556-55-0x000000013F5C0000-0x000000013F672000-memory.dmp

Filesize
712KB

Download
memory/1556-56-0x00000000005D0000-0x00000000005F4000-memory.dmp

Filesize
144KB

Download
memory/1556-57-0x000000001B070000-0x000000001B072000-memory.dmp

Filesize
8KB

Download