5ebdcc33432e612a7bdb717c9f81a7b4243f257f5b57a747076dcb0efc1c7dde

Analysis

max time kernel
119s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2023, 14:01

Target

whiteHack.exe
Size

2.5MB
MD5

d3e36017d18f264d440ec9d7a5b3e764
SHA1

5c5263a8385c86ae83e5b5ecacae34ec7f4bd271
SHA256

49b3044300dd768c9d4fc5ca68690457e5eea554a82bd7908b2d5b0db163b6de
SHA512

7e65da5349d76d25de19c9176c5164deb9ff9fd6594335bd6baf759d02e3058ac2256bbecbc3e3ebfb09f59d9c524e8112435e002bc0173ab5ae83603c22ca96
SSDEEP

24576:cFllRSBmjWU0SsPzg+uoh+4O9bZGMUIHmQxipXxzDCoNG3ewfV6cQX9BRUDTnPuk:sTMcjTd6g+Lh+34GmJf20aPX

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4776	1916	WerFault.exe	80
1368	4612	WerFault.exe	16

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1916	whiteHack.exe

C:\Users\Admin\AppData\Local\Temp\whiteHack.exe
"C:\Users\Admin\AppData\Local\Temp\whiteHack.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1916
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 129624
  2⤵
  - Program crash
  PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1916 -ip 1916
1⤵
PID:4152

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 540 -p 4612 -ip 4612
1⤵
PID:2616

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 4612 -s 2492
1⤵
- Program crash
PID:1368

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4384

memory/1916-132-0x0000000000850000-0x0000000000ACE000-memory.dmp

Filesize
2.5MB

Download