b14be0ef0ab6ede73de098f5d6d5f7bbc31a03c5109180b720517767ee88ad0d

Analysis

max time kernel
125s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:22

Target

b14be0ef0ab6ede73de098f5d6d5f7bbc31a03c5109180b720517767ee88ad0d.exe
Size

513KB
MD5

53588683a2b9d0fd43239648d6680cc0
SHA1

fd712c7a7d2a3c994af32bf8bd6ca67722366bd5
SHA256

b14be0ef0ab6ede73de098f5d6d5f7bbc31a03c5109180b720517767ee88ad0d
SHA512

d1c18c21db078d8067307f5de91e08c9c9fa62b2ea311e65474343e16233fbefe35d044025cbce63b10c07fd0da1988019b183e338bc75fe55379f9761a49964
SSDEEP

6144:bQeNai17Y56rKnBfWhveajzxwIEUYPaOYXS0RBzz7sLPlEmCfYqz:bQeN/7YkrWBfWhvRhQU80ScBILd+YG

Score

4^/10

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe	b14be0ef0ab6ede73de098f5d6d5f7bbc31a03c5109180b720517767ee88ad0d.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3872	1780	WerFault.exe	82

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1780	b14be0ef0ab6ede73de098f5d6d5f7bbc31a03c5109180b720517767ee88ad0d.exe

C:\Users\Admin\AppData\Local\Temp\b14be0ef0ab6ede73de098f5d6d5f7bbc31a03c5109180b720517767ee88ad0d.exe
"C:\Users\Admin\AppData\Local\Temp\b14be0ef0ab6ede73de098f5d6d5f7bbc31a03c5109180b720517767ee88ad0d.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of AdjustPrivilegeToken
PID:1780
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 780
  2⤵
  - Program crash
  PID:3872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1780 -ip 1780
1⤵
PID:2680

memory/1780-132-0x000000004AD00000-0x000000004AE9A000-memory.dmp

Filesize
1.6MB

Download
memory/1780-133-0x000000004AD00000-0x000000004AE9A000-memory.dmp

Filesize
1.6MB

Download