517b60bd8eadf909a2d0c376010dab348cf247f8cd8678ba7f41232e5dbd944a

Analysis

max time kernel
135s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2023, 20:19

Target

SwiftPOS.Reservations.exe
Size

764KB
MD5

8654d74d109430d9dea3a180f49e6943
SHA1

6a5df40ac09a4d1962db30219652412d9fafbc55
SHA256

517b60bd8eadf909a2d0c376010dab348cf247f8cd8678ba7f41232e5dbd944a
SHA512

e597da38918d205d2fce1b171aeab2886b93cfe52a91c9372945e6d5773ab01ccbddffb8ae135205c1265aee77b8e7aa514c3761071882bbec6e49f33252ae86
SSDEEP

12288:9BR5MfXcKupvmKeAYqjEw/Z5kNJgFw2z1UANLLzFe67K/+dWIsIg:9/xCqD/ZQgFwAbF1e/BRp

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1460	4260	WerFault.exe	81

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4260	SwiftPOS.Reservations.exe

C:\Users\Admin\AppData\Local\Temp\SwiftPOS.Reservations.exe
"C:\Users\Admin\AppData\Local\Temp\SwiftPOS.Reservations.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4260
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 1236
  2⤵
  - Program crash
  PID:1460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4260 -ip 4260
1⤵
PID:2880

memory/4260-133-0x00000000005D0000-0x0000000000690000-memory.dmp

Filesize
768KB

Download
memory/4260-134-0x0000000005130000-0x00000000051CC000-memory.dmp

Filesize
624KB

Download
memory/4260-135-0x00000000059B0000-0x0000000005F54000-memory.dmp

Filesize
5.6MB

Download
memory/4260-136-0x0000000005200000-0x0000000005292000-memory.dmp

Filesize
584KB

Download
memory/4260-137-0x00000000053F0000-0x0000000005400000-memory.dmp

Filesize
64KB

Download
memory/4260-138-0x0000000002B60000-0x0000000002B6A000-memory.dmp

Filesize
40KB

Download
memory/4260-139-0x0000000005390000-0x00000000053E6000-memory.dmp

Filesize
344KB

Download