80b55aa26af1c8cb84556ced208b0338313aa010bbb544cbb6a87f023b77899b

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
31-10-2023 07:35

Target

Ttwsg.exe
Size

64KB
MD5

92877b963c90599d222a3c851dbbdaa1
SHA1

c2c4de2c7c5681f3be5c2ddca7f5ff7330d76dfd
SHA256

80b55aa26af1c8cb84556ced208b0338313aa010bbb544cbb6a87f023b77899b
SHA512

bd6b41b405cc333ceccd24fe68154216d1a8104639e5a1fe488f9436e2cd8a1e4900d81ef81364f0f8484d783608aef0632afee7d05677889f335d8dafcb0c2d
SSDEEP

1536:lBWET/xqKbqqMaWFwRfi0BVIHrtokNgRxv4v:l7/vGii2VILtPaRxk

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Ttwsg.exe

description pid process

Token: SeDebugPrivilege 3024 Ttwsg.exe

description	pid	process
Token: SeDebugPrivilege	3024	Ttwsg.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Ttwsg.exe

description	pid	process	target process
PID 3024 wrote to memory of 2092	3024	Ttwsg.exe	WerFault.exe
PID 3024 wrote to memory of 2092	3024	Ttwsg.exe	WerFault.exe
PID 3024 wrote to memory of 2092	3024	Ttwsg.exe	WerFault.exe

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 3024 -s 1168
2⤵
PID:2092

memory/3024-0-0x00000000011B0000-0x00000000011C4000-memory.dmp

Filesize
80KB

Download
memory/3024-1-0x000007FEF58C0000-0x000007FEF62AC000-memory.dmp

Filesize
9.9MB

Download
memory/3024-2-0x00000000026E0000-0x0000000002760000-memory.dmp

Filesize
512KB

Download
memory/3024-3-0x000007FEF58C0000-0x000007FEF62AC000-memory.dmp

Filesize
9.9MB

Download
memory/3024-4-0x00000000026E0000-0x0000000002760000-memory.dmp

Filesize
512KB

Download