ac6cb2a7a2bf89af7e1034e691566907e7848070cb4166ba2f87db816a2c7b56

Analysis

max time kernel
121s
max time network
130s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22-10-2023 07:14

Target

STOWAGE PLAN.exe
Size

431KB
MD5

dc4e19251d65c38b919a36f12028dde2
SHA1

c44c061158f1d8f864a3a4681d2eb8440f81c8ef
SHA256

ac6cb2a7a2bf89af7e1034e691566907e7848070cb4166ba2f87db816a2c7b56
SHA512

08174aaab5f8fc781622809abdd656620e530574dda523658539d4df01562e6b1fd8d7c812015deaa475892174377f088659fc15eee06db88a201ac186743581
SSDEEP

6144:QrNZnq8tYFHiH+Y+TMUKCaFCSaHDG7YYUz2LWOFWcy2CsSIo2aYcYPahZkf:QRZFYBiHsa0ABUeDy9sIqcYPahZE

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2144	2472	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2472	STOWAGE PLAN.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 2144	2472	STOWAGE PLAN.exe	28
PID 2472 wrote to memory of 2144	2472	STOWAGE PLAN.exe	28
PID 2472 wrote to memory of 2144	2472	STOWAGE PLAN.exe	28
PID 2472 wrote to memory of 2144	2472	STOWAGE PLAN.exe	28

C:\Users\Admin\AppData\Local\Temp\STOWAGE PLAN.exe
"C:\Users\Admin\AppData\Local\Temp\STOWAGE PLAN.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 1088
  2⤵
  - Program crash
  PID:2144

memory/2472-0-0x0000000073E00000-0x00000000744EE000-memory.dmp

Filesize
6.9MB

Download
memory/2472-1-0x00000000013C0000-0x0000000001432000-memory.dmp

Filesize
456KB

Download
memory/2472-2-0x0000000000E40000-0x0000000000E80000-memory.dmp

Filesize
256KB

Download
memory/2472-3-0x0000000073E00000-0x00000000744EE000-memory.dmp

Filesize
6.9MB

Download
memory/2472-4-0x0000000000E40000-0x0000000000E80000-memory.dmp

Filesize
256KB

Download