23abe80bf01902aca2c57c6494ef60780187a870d01d964790306a10b3fa23ad

Analysis

max time kernel
119s
max time network
127s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
05-08-2023 23:48

Target

jbit.exe
Size

81.1MB
MD5

8eda3b52a16bb07d5a03441c10296502
SHA1

35ac1bafbedf456bf4cca1606673501a5200e623
SHA256

23abe80bf01902aca2c57c6494ef60780187a870d01d964790306a10b3fa23ad
SHA512

9f9e09c7b1645785d560f6cdd408714a544ef058197731626cf66d8708b43ef35b7116c7b5a15986fb7b11ff3513387db97e06dae42650ab0310ece0c943cac8
SSDEEP

1572864:bUSBvWtkRbCHf7RKxFOBS/DllaKg1h6xyPbm2oXMyOwGR2sedKdiizqZ4ujuw5b9:bRBvw4wDqFWS/DDumMP63XVXY2sedKdM

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2800 3048 WerFault.exe jbit.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

jbit.exe

description pid process

Token: SeDebugPrivilege 3048 jbit.exe

pid	pid_target	process	target process
2800	3048	WerFault.exe	jbit.exe

description	pid	process
Token: SeDebugPrivilege	3048	jbit.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

jbit.exe

description	pid	process	target process
PID 3048 wrote to memory of 2800	3048	jbit.exe	WerFault.exe
PID 3048 wrote to memory of 2800	3048	jbit.exe	WerFault.exe
PID 3048 wrote to memory of 2800	3048	jbit.exe	WerFault.exe
PID 3048 wrote to memory of 2800	3048	jbit.exe	WerFault.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 1116
2⤵
- Program crash
PID:2800

memory/3048-54-0x0000000073E00000-0x00000000744EE000-memory.dmp

Filesize
6.9MB

Download
memory/3048-55-0x0000000000BD0000-0x0000000005CE8000-memory.dmp

Filesize
81.1MB

Download
memory/3048-56-0x0000000000A00000-0x0000000000A40000-memory.dmp

Filesize
256KB

Download
memory/3048-57-0x0000000073E00000-0x00000000744EE000-memory.dmp

Filesize
6.9MB

Download