f78bda643bc02054908c347ed64d7244d6da34cd8798aadf6e01313c8803c5bb

Analysis

max time kernel
87s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07-02-2023 00:34

Target

a7c006a79a6ded6b1cb39a71183123dcaaaa21ea2684a8f199f27e16fcb30e8e.exe
Size

323.8MB
MD5

6315802a5c2570a5dc6460eaccc678a4
SHA1

3805588acfce5c1b0eeb5bd2e16a912208a77549
SHA256

f7a0c0519fc45fc498b46399982886633c79ba4c72d07fc9836cb5be2fb4685d
SHA512

05f379390a4ce1bab9799ae19f6d8cba862bb37eca8a6c98fae790342eb8ad626d79c63ad0c5c2e038f8368df7bc8a6fc1315b25c543651f2266bcfffe8a3cdd
SSDEEP

96:WAwa5N9p+ZNLDApFY1jAdhkxgqEQGnQUzNtd:WAwa5grL+OEyxgfFn/r

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4272	3172	WerFault.exe	79

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3172	a7c006a79a6ded6b1cb39a71183123dcaaaa21ea2684a8f199f27e16fcb30e8e.exe

C:\Users\Admin\AppData\Local\Temp\a7c006a79a6ded6b1cb39a71183123dcaaaa21ea2684a8f199f27e16fcb30e8e.exe
"C:\Users\Admin\AppData\Local\Temp\a7c006a79a6ded6b1cb39a71183123dcaaaa21ea2684a8f199f27e16fcb30e8e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3172
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 1696
  2⤵
  - Program crash
  PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 3172 -ip 3172
1⤵
PID:3572

memory/3172-132-0x0000000000760000-0x0000000000768000-memory.dmp

Filesize
32KB

Download