c05b6a2a708bca84b18e2268c8cf582fc35e6e78a49e0ad5a174c21e9fb79d90

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
06-10-2023 01:01

Target

Rogue-main/interface.exe
Size

12KB
MD5

bce9a6fe857f381be422d56894a5fb97
SHA1

bfd810291fe67f4052f59d110f79dbb43e4e628d
SHA256

8b59e3e7af2f61498eb617b1ad54b10b0c21c93db8f9d0263a3450188775a59e
SHA512

ca0fa61b85a2cb63e7882529d4e3d5af671ec0d365e0a8e29182b04fda340c508fade16a8e0546049ce76e3477b0265edb3754d9d86a8d4482be60e0eb81634d
SSDEEP

192:wlhtwcnffNU9vY3l7Lx3ifuN1C0x0h52wa//TW:wljw8ffNUcnxEY1C0Gh8ws/T

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2656	1900	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1900	interface.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2656	1900	interface.exe	28
PID 1900 wrote to memory of 2656	1900	interface.exe	28
PID 1900 wrote to memory of 2656	1900	interface.exe	28
PID 1900 wrote to memory of 2656	1900	interface.exe	28

C:\Users\Admin\AppData\Local\Temp\Rogue-main\interface.exe
"C:\Users\Admin\AppData\Local\Temp\Rogue-main\interface.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 1144
  2⤵
  - Program crash
  PID:2656

memory/1900-0-0x0000000001110000-0x000000000111A000-memory.dmp

Filesize
40KB

Download
memory/1900-1-0x0000000074950000-0x000000007503E000-memory.dmp

Filesize
6.9MB

Download
memory/1900-2-0x0000000001070000-0x00000000010B0000-memory.dmp

Filesize
256KB

Download
memory/1900-3-0x0000000074950000-0x000000007503E000-memory.dmp

Filesize
6.9MB

Download
memory/1900-4-0x0000000001070000-0x00000000010B0000-memory.dmp

Filesize
256KB

Download