d40af29bbc4ff1ea1827871711e5bfa3470d59723dd8ea29d2b19f5239e509e9

Resubmissions

26/10/2023, 08:06

12/07/2023, 13:22

max time kernel
28s
max time network
142s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
12/07/2023, 13:22

Target

48E003A01.exe
Size

211KB
MD5

74c1127dcf701bfde53f4c92f9c8dbba
SHA1

1b9fe118a47f905bc26d952f55e543ed6e35648c
SHA256

3fb66e93d12abd992e94244ac7464474d0ff9156811a76a29a76dec0aa910f82
SHA512

4f4a3477cc7e6ac1ea965e921b1a9f0950754e708daace8baaeec87af37efe4dd1bf0679bffa2be63b0b4b94bb4d992191afe8c4c922ee57f3070fbe1ebbead2
SSDEEP

3072:DVwxiCLyrgkY1R4VC8/NLEaC5zC5yh5GvyzDF8HWhvYIMaNOwzf6fNlGH1KPEay0:D6xiCGrgkY1d5mwiHaYjaNp4Nu1o

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3036	1352	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1352	48E003A01.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 3036	1352	48E003A01.exe	28
PID 1352 wrote to memory of 3036	1352	48E003A01.exe	28
PID 1352 wrote to memory of 3036	1352	48E003A01.exe	28

C:\Users\Admin\AppData\Local\Temp\48E003A01.exe
"C:\Users\Admin\AppData\Local\Temp\48E003A01.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1352 -s 1100
  2⤵
  - Program crash
  PID:3036

memory/1352-54-0x0000000000250000-0x0000000000288000-memory.dmp

Filesize
224KB

Download
memory/1352-55-0x000000001AFE0000-0x000000001B060000-memory.dmp

Filesize
512KB

Download
memory/1352-56-0x000000001AFE0000-0x000000001B060000-memory.dmp

Filesize
512KB

Download