d00df0899a734a3446d165fdf7f18e43e40b85b3296eb0b00e1d1fa2bd8f9bc9

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
01-11-2023 06:50

Target

DEKONT S_659332597pdf.exe
Size

84KB
MD5

7704ab6ad00b8b76f7669f49cbb4c61c
SHA1

68ddf50320e14400d15786db01c63e2d9f7c57fc
SHA256

d00df0899a734a3446d165fdf7f18e43e40b85b3296eb0b00e1d1fa2bd8f9bc9
SHA512

95c9358b9624511a1997031e2b983123518513489e6d0e03eaedddaa5185a299902971d87913fe04144bcb320303fb8b7fa090285135bf91046602c6ed549302
SSDEEP

1536:NTS1f1IEYJ3EoNQoB1qmy5eEw8IufaDRVOP/pa7zgr:NTGNIvJQoBueJuIR8PhaYr

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

DEKONT S_659332597pdf.exe

description pid process

Token: SeDebugPrivilege 1632 DEKONT S_659332597pdf.exe

description	pid	process
Token: SeDebugPrivilege	1632	DEKONT S_659332597pdf.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

DEKONT S_659332597pdf.exe

description	pid	process	target process
PID 1632 wrote to memory of 2648	1632	DEKONT S_659332597pdf.exe	WerFault.exe
PID 1632 wrote to memory of 2648	1632	DEKONT S_659332597pdf.exe	WerFault.exe
PID 1632 wrote to memory of 2648	1632	DEKONT S_659332597pdf.exe	WerFault.exe

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1632 -s 1168
2⤵
PID:2648

memory/1632-0-0x0000000001320000-0x000000000133A000-memory.dmp

Filesize
104KB

Download
memory/1632-1-0x000007FEF5020000-0x000007FEF5A0C000-memory.dmp

Filesize
9.9MB

Download
memory/1632-2-0x000000001BB00000-0x000000001BB80000-memory.dmp

Filesize
512KB

Download
memory/1632-3-0x000007FEF5020000-0x000007FEF5A0C000-memory.dmp

Filesize
9.9MB

Download
memory/1632-4-0x000000001BB00000-0x000000001BB80000-memory.dmp

Filesize
512KB

Download