23d03bc10db79df064bdb6e35404644fc5281838983ec404039725629f8209b9

Analysis

max time kernel
27s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
29/03/2023, 13:08

Target

746493a690aaa0fa0709f8e8e670a8f22f3099887d3980a97bee5e3d5bc17c05.exe
Size

793KB
MD5

cacc4dae26b1b73e13649e1940d282ce
SHA1

6dc54dc0a5330711d07c6d0997d4a8ff0624f4e2
SHA256

746493a690aaa0fa0709f8e8e670a8f22f3099887d3980a97bee5e3d5bc17c05
SHA512

ae7ee7b9d3c8275a9dbbc86afedc0acf9b5ec7708a4ba39d56a367d90c0572ba3e5386c628eb29463bef38b2f63d721edfebc3a46c1f9e78df6fd436b4e006ac
SSDEEP

24576:vk70TrcCdrvHq+OuAwcKfGRsvE1OaxSau+d7AfR:vkQTACxHq+OYcG89xSaAfR

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1084	2040	WerFault.exe	26

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2040	746493a690aaa0fa0709f8e8e670a8f22f3099887d3980a97bee5e3d5bc17c05.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1084	2040	746493a690aaa0fa0709f8e8e670a8f22f3099887d3980a97bee5e3d5bc17c05.exe	27
PID 2040 wrote to memory of 1084	2040	746493a690aaa0fa0709f8e8e670a8f22f3099887d3980a97bee5e3d5bc17c05.exe	27
PID 2040 wrote to memory of 1084	2040	746493a690aaa0fa0709f8e8e670a8f22f3099887d3980a97bee5e3d5bc17c05.exe	27
PID 2040 wrote to memory of 1084	2040	746493a690aaa0fa0709f8e8e670a8f22f3099887d3980a97bee5e3d5bc17c05.exe	27

C:\Users\Admin\AppData\Local\Temp\746493a690aaa0fa0709f8e8e670a8f22f3099887d3980a97bee5e3d5bc17c05.exe
"C:\Users\Admin\AppData\Local\Temp\746493a690aaa0fa0709f8e8e670a8f22f3099887d3980a97bee5e3d5bc17c05.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 756
  2⤵
  - Program crash
  PID:1084

memory/2040-54-0x0000000004D40000-0x0000000004EEE000-memory.dmp

Filesize
1.7MB

Download
memory/2040-55-0x0000000004B90000-0x0000000004D3E000-memory.dmp

Filesize
1.7MB

Download
memory/2040-56-0x0000000004B50000-0x0000000004B90000-memory.dmp

Filesize
256KB

Download
memory/2040-57-0x0000000004B50000-0x0000000004B90000-memory.dmp

Filesize
256KB

Download
memory/2040-58-0x0000000004B50000-0x0000000004B90000-memory.dmp

Filesize
256KB

Download
memory/2040-59-0x0000000004B50000-0x0000000004B90000-memory.dmp

Filesize
256KB

Download
memory/2040-60-0x0000000004B50000-0x0000000004B90000-memory.dmp

Filesize
256KB

Download
memory/2040-61-0x0000000004B50000-0x0000000004B90000-memory.dmp

Filesize
256KB

Download
memory/2040-62-0x0000000004B50000-0x0000000004B90000-memory.dmp

Filesize
256KB

Download
memory/2040-63-0x0000000004B50000-0x0000000004B90000-memory.dmp

Filesize
256KB

Download