a82af7127b9a6eb4a85f49a8a86ff09e155dfec3fa0d5387726c1c993a4cd947

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 07:28

Target

Comm Invoice Ex.exe
Size

1.5MB
MD5

2fa9acd0775d8e6e767d74227759d812
SHA1

aabc0c9de290834f1b021ebd757d7588e082cc59
SHA256

a82af7127b9a6eb4a85f49a8a86ff09e155dfec3fa0d5387726c1c993a4cd947
SHA512

0eaa8d70942288d53638e9ba0a0dcb42baa3bb5daa2a57983b243f371788d89a67cdcc8d86672ff217975089b1ae69ae4a98eaf312ccc424d084388ca0dfe896
SSDEEP

24576:eu7d3LpCztAG48YQcHaakCf0wVrFhQd5kcqAI:bLr8nurFhQdC

Score

3^/10

Program crash 3 IoCs

pid	pid_target	Process	procid_target
2440	4856	WerFault.exe	84
4580	4856	WerFault.exe	84
2556	4856	WerFault.exe	84

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
4856	Comm Invoice Ex.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4856	Comm Invoice Ex.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 2440	4856	Comm Invoice Ex.exe	98
PID 4856 wrote to memory of 2440	4856	Comm Invoice Ex.exe	98
PID 4856 wrote to memory of 2440	4856	Comm Invoice Ex.exe	98

C:\Users\Admin\AppData\Local\Temp\Comm Invoice Ex.exe
"C:\Users\Admin\AppData\Local\Temp\Comm Invoice Ex.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 1976
  2⤵
  - Program crash
  PID:2440
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 1976
  2⤵
  - Program crash
  PID:4580
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 1976
  2⤵
  - Program crash
  PID:2556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 4856 -ip 4856
1⤵
PID:1912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4856 -ip 4856
1⤵
PID:1496

memory/4856-0-0x0000000074FA0000-0x0000000075750000-memory.dmp

Filesize
7.7MB

Download
memory/4856-1-0x0000000074FA0000-0x0000000075750000-memory.dmp

Filesize
7.7MB

Download
memory/4856-2-0x0000000000A00000-0x0000000000B7A000-memory.dmp

Filesize
1.5MB

Download
memory/4856-3-0x00000000057D0000-0x00000000057E0000-memory.dmp

Filesize
64KB

Download
memory/4856-4-0x0000000005700000-0x0000000005708000-memory.dmp

Filesize
32KB

Download
memory/4856-5-0x00000000057D0000-0x00000000057E0000-memory.dmp

Filesize
64KB

Download
memory/4856-6-0x0000000074FA0000-0x0000000075750000-memory.dmp

Filesize
7.7MB

Download