f47db48129530cf19f3c42f0c9f38ce1915f403469483661999dc2b19e12650b

Resubmissions

31-03-2022 16:03

03-02-2022 08:05

Target

d2f181221ba9049c02ed7283c9144c7c.exe
Size

1.7MB
MD5

d2f181221ba9049c02ed7283c9144c7c
SHA1

b4ed1b4714112d5fc3c7b4673e19ed26ae4c6e85
SHA256

f47db48129530cf19f3c42f0c9f38ce1915f403469483661999dc2b19e12650b
SHA512

ab0b9a029489f6b3a091c7823b5523ea3cfd8677b32eddd48ba7e64694e4146c3292589d9d09bd0cc5908c9d86c830ee21e75f8712e6f3a2cba2cfd853f372a1

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
792	744	WerFault.exe	26

Suspicious behavior: EnumeratesProcesses 5 IoCs

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
792	WerFault.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	744	d2f181221ba9049c02ed7283c9144c7c.exe
Token: SeDebugPrivilege	792	WerFault.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 792	744	d2f181221ba9049c02ed7283c9144c7c.exe	29
PID 744 wrote to memory of 792	744	d2f181221ba9049c02ed7283c9144c7c.exe	29
PID 744 wrote to memory of 792	744	d2f181221ba9049c02ed7283c9144c7c.exe	29

memory/744-54-0x0000000000D80000-0x0000000000F42000-memory.dmp

Filesize
1.8MB

Download
memory/744-55-0x000000001B140000-0x000000001B142000-memory.dmp

Filesize
8KB

Download
memory/792-56-0x000007FEFBE91000-0x000007FEFBE93000-memory.dmp

Filesize
8KB

Download
memory/792-57-0x0000000001CE0000-0x0000000001CE1000-memory.dmp

Filesize
4KB

Download