9be723eb1883932143234a8aecc303d54ee2b9456c2ef7a195ccb38cae50582a

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11-10-2023 06:45

Target

500CASINO Crash Predictor/500CASINO Crash Predictor.exe
Size

217KB
MD5

41ea1432ba11237dbb1f7bc7465a3f92
SHA1

7beb7a67e009f8256ad4b059f4257c605f8bc5e6
SHA256

b979a84bfe350f25b7e9f18d9b66c1adf0c14225e10face5650e4df7621e2d31
SHA512

f577261c37d1d3eb34f80179591db9b61f7ed45a83ed7b458be6f79785e61218d3713d4efa0d32a1aba0a88b46c0af144a117e68f973d7c5931b303d15da0900
SSDEEP

1536:9Fe8KXo3TECoH1lYOdKtwVcl8mJmtupKQ:9wajECoH1lbKtqYFJmq

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2900	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2900	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2240 wrote to memory of 2900	2240	500CASINO Crash Predictor.exe	29
PID 2240 wrote to memory of 2900	2240	500CASINO Crash Predictor.exe	29
PID 2240 wrote to memory of 2900	2240	500CASINO Crash Predictor.exe	29

C:\Users\Admin\AppData\Local\Temp\500CASINO Crash Predictor\500CASINO Crash Predictor.exe
"C:\Users\Admin\AppData\Local\Temp\500CASINO Crash Predictor\500CASINO Crash Predictor.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2240
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "powershell.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2900

memory/2240-0-0x000000013FAB0000-0x000000013FAE8000-memory.dmp

Filesize
224KB

Download
memory/2240-1-0x000007FEF5950000-0x000007FEF633C000-memory.dmp

Filesize
9.9MB

Download
memory/2240-14-0x000007FEF5950000-0x000007FEF633C000-memory.dmp

Filesize
9.9MB

Download
memory/2900-12-0x00000000028F0000-0x0000000002970000-memory.dmp

Filesize
512KB

Download
memory/2900-8-0x0000000002290000-0x0000000002298000-memory.dmp

Filesize
32KB

Download
memory/2900-9-0x000007FEF2CB0000-0x000007FEF364D000-memory.dmp

Filesize
9.6MB

Download
memory/2900-10-0x000007FEF2CB0000-0x000007FEF364D000-memory.dmp

Filesize
9.6MB

Download
memory/2900-11-0x00000000028F0000-0x0000000002970000-memory.dmp

Filesize
512KB

Download
memory/2900-7-0x000000001B360000-0x000000001B642000-memory.dmp

Filesize
2.9MB

Download
memory/2900-13-0x00000000028F0000-0x0000000002970000-memory.dmp

Filesize
512KB

Download
memory/2900-6-0x00000000028F0000-0x0000000002970000-memory.dmp

Filesize
512KB

Download
memory/2900-15-0x00000000028F0000-0x0000000002970000-memory.dmp

Filesize
512KB

Download
memory/2900-16-0x000007FEF2CB0000-0x000007FEF364D000-memory.dmp

Filesize
9.6MB

Download
memory/2900-17-0x00000000028F0000-0x0000000002970000-memory.dmp

Filesize
512KB

Download
memory/2900-18-0x00000000028F0000-0x0000000002970000-memory.dmp

Filesize
512KB

Download
memory/2900-19-0x00000000028F0000-0x0000000002970000-memory.dmp

Filesize
512KB

Download