a2c38035183bd2377ed4baec12f239b676db2431e140236fc2b8b35a3996e122

Analysis

max time kernel
135s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2023 04:14

Target

a2c38035183bd2377ed4baec12f239b676db2431e140236fc2b8b35a3996e122.exe
Size

1.3MB
MD5

3784bbde91dcdcf8668fcf78e711b05b
SHA1

73d46f795e10c127e644b13759996eeb434903f5
SHA256

a2c38035183bd2377ed4baec12f239b676db2431e140236fc2b8b35a3996e122
SHA512

5abe505082bd6a71fccb63daaa5ee017b0e43e98ef4afffbda725a3aa12ace17973b79b285f5634a5bcc5fed66591054e5fade0d9b2dc77780d66b3db25b5516
SSDEEP

24576:LRXRRRRRRRRRRRRRRRRRRRRRRRRRRRRRgVQ6yJcyIHr9xTjoEIzOdoa8iPLDSVXv:LA+JcyarTX/ZxPYXT5Xld3hGCf1P

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3324	4768	WerFault.exe	52

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4768	a2c38035183bd2377ed4baec12f239b676db2431e140236fc2b8b35a3996e122.exe

C:\Users\Admin\AppData\Local\Temp\a2c38035183bd2377ed4baec12f239b676db2431e140236fc2b8b35a3996e122.exe
"C:\Users\Admin\AppData\Local\Temp\a2c38035183bd2377ed4baec12f239b676db2431e140236fc2b8b35a3996e122.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4768
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 4768 -s 1656
  2⤵
  - Program crash
  PID:3324

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 464 -p 4768 -ip 4768
1⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\FLiNGTrainer.tmp

Filesize
183KB

MD5
89be6ada38bfd0694df5f5dbd3901201

SHA1
7a7b4c535fbdb645d6017961941b342f89d1ac68

SHA256
a1d0ea64f13c103d36f27298bc117973224634fba2da416feb0074aa320ff65f

SHA512
02b9144c699e43559ecca88cb0a8ff6314a8cf455cb61dbcd897ca43e0e3293c52b78904cff270c5270fa92e180c86643d98dfd1218a18df4c997542802758a4

Download Submit
memory/4768-135-0x0000026777260000-0x0000026777294000-memory.dmp

Filesize
208KB

Download
memory/4768-138-0x0000026777E70000-0x0000026777E80000-memory.dmp

Filesize
64KB

Download
memory/4768-139-0x0000026777E70000-0x0000026777E80000-memory.dmp

Filesize
64KB

Download
memory/4768-140-0x0000026777E70000-0x0000026777E80000-memory.dmp

Filesize
64KB

Download
memory/4768-141-0x0000026777E70000-0x0000026777E80000-memory.dmp

Filesize
64KB

Download
memory/4768-142-0x0000026777E20000-0x0000026777E28000-memory.dmp

Filesize
32KB

Download