aadcd7f826198c71e998d31ae4ddd4f219d61ed27338ab7aec0c055749f1bc24

Analysis

max time kernel
61s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2022 16:37

Target

aadcd7f826198c71e998d31ae4ddd4f219d61ed27338ab7aec0c055749f1bc24.exe
Size

523KB
MD5

9224e118f4c08d6d1011ca694be9df3b
SHA1

87799e7f922e8e0170a37c3c73ec7ca0a8b5ca92
SHA256

aadcd7f826198c71e998d31ae4ddd4f219d61ed27338ab7aec0c055749f1bc24
SHA512

597197e5d45712a88a8bda971a1f459228203b774b247efa6c1d405c9878b111b02063124e051b9a5f6eec11f5f220bad443917cd122a6da2b7c9d7cd96c6f8a
SSDEEP

6144:vK8LfFo13WU+kmGbW8m5Oq3zmzZVhnkidyPaiWaXukbSBykZBItx+:S8LfK+mb25OqdEFywI

Score

8^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1532	4480	WerFault.exe	74

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4480	aadcd7f826198c71e998d31ae4ddd4f219d61ed27338ab7aec0c055749f1bc24.exe

C:\Users\Admin\AppData\Local\Temp\aadcd7f826198c71e998d31ae4ddd4f219d61ed27338ab7aec0c055749f1bc24.exe
"C:\Users\Admin\AppData\Local\Temp\aadcd7f826198c71e998d31ae4ddd4f219d61ed27338ab7aec0c055749f1bc24.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4480
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 1820
  2⤵
  - Program crash
  PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 376 -p 4480 -ip 4480
1⤵
PID:4624

memory/4480-132-0x0000000000980000-0x0000000000A0A000-memory.dmp

Filesize
552KB

Download
memory/4480-133-0x0000000005920000-0x0000000005EC4000-memory.dmp

Filesize
5.6MB

Download
memory/4480-134-0x0000000005410000-0x00000000054A2000-memory.dmp

Filesize
584KB

Download
memory/4480-135-0x00000000053D0000-0x00000000053DA000-memory.dmp

Filesize
40KB

Download