ab50f61ec252f70e22a03352d222e09237fca319441da9c59770f9d7a87545a3

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
20/08/2023, 07:02

Target

ab50f61ec252f70e22a03352d222e09237fca319441da9c59770f9d7a87545a3.exe
Size

164KB
MD5

860b9ccacbfab9ba5477f1a393cf4ba4
SHA1

c8e552d4d3ea48d53db6bbedf8b4b61865d0c029
SHA256

ab50f61ec252f70e22a03352d222e09237fca319441da9c59770f9d7a87545a3
SHA512

533dacf549f0a83d3b98a7372bd3c86870060c35bdc0a4a9ca6141b39eba2e66288307ed6fc46e512e56ab95c1af55a238ce8e1e66345dd80d418a8ce101b821
SSDEEP

1536:729PafQQOLwxOyMz3UVs3gDSMYuNbwlFqqEmIG8LmdN91t88:i9PafQQ5u3KIHewnx8KR88

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2492	2572	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2572	ab50f61ec252f70e22a03352d222e09237fca319441da9c59770f9d7a87545a3.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2572 wrote to memory of 2492	2572	ab50f61ec252f70e22a03352d222e09237fca319441da9c59770f9d7a87545a3.exe	28
PID 2572 wrote to memory of 2492	2572	ab50f61ec252f70e22a03352d222e09237fca319441da9c59770f9d7a87545a3.exe	28
PID 2572 wrote to memory of 2492	2572	ab50f61ec252f70e22a03352d222e09237fca319441da9c59770f9d7a87545a3.exe	28
PID 2572 wrote to memory of 2492	2572	ab50f61ec252f70e22a03352d222e09237fca319441da9c59770f9d7a87545a3.exe	28

C:\Users\Admin\AppData\Local\Temp\ab50f61ec252f70e22a03352d222e09237fca319441da9c59770f9d7a87545a3.exe
"C:\Users\Admin\AppData\Local\Temp\ab50f61ec252f70e22a03352d222e09237fca319441da9c59770f9d7a87545a3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2572
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 1076
  2⤵
  - Program crash
  PID:2492

memory/2572-54-0x0000000000D20000-0x0000000000D50000-memory.dmp

Filesize
192KB

Download
memory/2572-55-0x0000000073890000-0x0000000073F7E000-memory.dmp

Filesize
6.9MB

Download
memory/2572-56-0x0000000004B70000-0x0000000004BB0000-memory.dmp

Filesize
256KB

Download
memory/2572-57-0x0000000073890000-0x0000000073F7E000-memory.dmp

Filesize
6.9MB

Download
memory/2572-58-0x0000000004B70000-0x0000000004BB0000-memory.dmp

Filesize
256KB

Download