b22d4b8e0c01ad5f0023a7d002be11801bd33de6d01591c3919972663870136b

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
01/11/2023, 14:18

Target

NEAS.b869565615bd89ed81652e6b73eb7250.exe
Size

10KB
MD5

b869565615bd89ed81652e6b73eb7250
SHA1

79256420e255a31803338370e875f54ea2d09fbc
SHA256

b22d4b8e0c01ad5f0023a7d002be11801bd33de6d01591c3919972663870136b
SHA512

05f16b6e03a25621aca907d3af7ef16fb46cb2dded9c51266ffb2d31d26c188fa098edc1b1dd9ac39e4ce0f303b85f4afc700d580c96c830eb8128e8ade80afe
SSDEEP

192:9LWmzEBksuDzHNQgHfeMZZ3V93VnjdwqzN3RtKJN:U6PHFfeMvFnhwq5ht6

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1968	NEAS.b869565615bd89ed81652e6b73eb7250.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 2168	1968	NEAS.b869565615bd89ed81652e6b73eb7250.exe	28
PID 1968 wrote to memory of 2168	1968	NEAS.b869565615bd89ed81652e6b73eb7250.exe	28
PID 1968 wrote to memory of 2168	1968	NEAS.b869565615bd89ed81652e6b73eb7250.exe	28

C:\Users\Admin\AppData\Local\Temp\NEAS.b869565615bd89ed81652e6b73eb7250.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b869565615bd89ed81652e6b73eb7250.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1968 -s 900
  2⤵
  PID:2168

memory/1968-0-0x0000000000A00000-0x0000000000A08000-memory.dmp

Filesize
32KB

Download
memory/1968-1-0x000007FEF5470000-0x000007FEF5E5C000-memory.dmp

Filesize
9.9MB

Download
memory/1968-2-0x000000001B240000-0x000000001B2C0000-memory.dmp

Filesize
512KB

Download
memory/1968-3-0x000007FEF5470000-0x000007FEF5E5C000-memory.dmp

Filesize
9.9MB

Download
memory/1968-4-0x000000001B240000-0x000000001B2C0000-memory.dmp

Filesize
512KB

Download