518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676

Analysis

max time kernel
43s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
25/12/2022, 04:47

Target

518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe
Size

923KB
MD5

e3dd3606cec2635e2c938d145e2e7fcd
SHA1

1c3d8912a745080c164f24e075e95554d2761e54
SHA256

518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676
SHA512

a084b1514299f6030dd2276dc06477b54df5f39245e6cbdccc19185d95bd7974229b82f2022442a25b4191fe959f4a770495050d9b95e2d2b52c6352b226be3d
SSDEEP

12288:xIGAvAOr18CfCeGDRqn/MzetFCwrT92aSxNhlngQU9LxS2WlpbTvI:2GAIKyCfCFDgn0eFBN2awlgrMplRI

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1500	868	WerFault.exe	26

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	868	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 1500	868	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe	27
PID 868 wrote to memory of 1500	868	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe	27
PID 868 wrote to memory of 1500	868	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe	27
PID 868 wrote to memory of 1500	868	518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe	27

C:\Users\Admin\AppData\Local\Temp\518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe
"C:\Users\Admin\AppData\Local\Temp\518261f1fa66ad1a7336a7e499391a02c7239fe665adac002c67d2633e2f8676.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:868
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 1104
  2⤵
  - Program crash
  PID:1500

memory/868-54-0x0000000000300000-0x00000000003EC000-memory.dmp

Filesize
944KB

Download
memory/868-55-0x0000000000410000-0x0000000000416000-memory.dmp

Filesize
24KB

Download
memory/868-56-0x0000000075131000-0x0000000075133000-memory.dmp

Filesize
8KB

Download