529ee55564934710c5861dafd00d64fc9169b61a0928c418e26d3d1eb434d188

Analysis

max time kernel
176s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 14:19

Target

529ee55564934710c5861dafd00d64fc9169b61a0928c418e26d3d1eb434d188.exe
Size

18KB
MD5

95b60ae925467909832716f5ea1e2752
SHA1

b05b8463d19b2186e7a7f6a02b74a12bdcd20ee6
SHA256

529ee55564934710c5861dafd00d64fc9169b61a0928c418e26d3d1eb434d188
SHA512

3824b8b1bbc1b3755213754a7adb2cc7e6f330abb69f9cc9e0b22abc598ec2b95d187fa59d390458cf96b2d50cdbd00cd129de7a0d26aae0e6d6407910c400ce
SSDEEP

384:PYwcG+ri14gjODI3CYIrxk+ThU0+RmHvMmM6lJoT:PFkrkvj+Iyvri+F7FM6luT

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2364 3584 WerFault.exe 529ee55564934710c5861dafd00d64fc9169b61a0928c418e26d3d1eb434d188.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

529ee55564934710c5861dafd00d64fc9169b61a0928c418e26d3d1eb434d188.exe

description pid process

Token: SeDebugPrivilege 3584 529ee55564934710c5861dafd00d64fc9169b61a0928c418e26d3d1eb434d188.exe

pid	pid_target	process	target process
2364	3584	WerFault.exe	529ee55564934710c5861dafd00d64fc9169b61a0928c418e26d3d1eb434d188.exe

description	pid	process
Token: SeDebugPrivilege	3584	529ee55564934710c5861dafd00d64fc9169b61a0928c418e26d3d1eb434d188.exe

C:\Users\Admin\AppData\Local\Temp\529ee55564934710c5861dafd00d64fc9169b61a0928c418e26d3d1eb434d188.exe
"C:\Users\Admin\AppData\Local\Temp\529ee55564934710c5861dafd00d64fc9169b61a0928c418e26d3d1eb434d188.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 304
2⤵
- Program crash
PID:2364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 188 -p 3584 -ip 3584
1⤵
PID:4620