d5c7c3f5d8a3cb6ec5b4f05dc18ddf1591544be8007cb17dbcb11d98701cfb1d

Analysis

max time kernel
152s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
03-11-2023 18:27

Target

NEAS.d5c7c3f5d8a3cb6ec5b4f05dc18ddf1591544be8007cb17dbcb11d98701cfb1dexe_JC.exe
Size

1.4MB
MD5

d2105231b50a87133f07d340d30711ea
SHA1

a933024e21d0792033ead30b1c72a5b243688595
SHA256

d5c7c3f5d8a3cb6ec5b4f05dc18ddf1591544be8007cb17dbcb11d98701cfb1d
SHA512

80539fb6c7a731111b923fd226c02022b929476eddca02f8df8cd9695e99aad3dcd1c6606e65c2559643333d183fa6864c75c9dd05a9acc81348c2ca8716b825
SSDEEP

24576:JTZ9M31t0GtNco35IvemcWv1YL57PWNEjlcd7bjgpgVeHqj:39M31t0qHpgVeo

Score

3^/10

Program crash 2 IoCs

pid	pid_target	Process	procid_target
1840	5036	WerFault.exe	86
1192	5036	WerFault.exe	86

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5036	NEAS.d5c7c3f5d8a3cb6ec5b4f05dc18ddf1591544be8007cb17dbcb11d98701cfb1dexe_JC.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.d5c7c3f5d8a3cb6ec5b4f05dc18ddf1591544be8007cb17dbcb11d98701cfb1dexe_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.d5c7c3f5d8a3cb6ec5b4f05dc18ddf1591544be8007cb17dbcb11d98701cfb1dexe_JC.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5036
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 1572
  2⤵
  - Program crash
  PID:1840
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 1572
  2⤵
  - Program crash
  PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 5036 -ip 5036
1⤵
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 5036 -ip 5036
1⤵
PID:3108

memory/5036-0-0x0000000074AA0000-0x0000000075250000-memory.dmp

Filesize
7.7MB

Download
memory/5036-1-0x0000000000290000-0x0000000000400000-memory.dmp

Filesize
1.4MB

Download
memory/5036-2-0x0000000074AA0000-0x0000000075250000-memory.dmp

Filesize
7.7MB

Download
memory/5036-3-0x0000000004DB0000-0x0000000004DC0000-memory.dmp

Filesize
64KB

Download
memory/5036-4-0x0000000004DB0000-0x0000000004DC0000-memory.dmp

Filesize
64KB

Download
memory/5036-5-0x0000000074AA0000-0x0000000075250000-memory.dmp

Filesize
7.7MB

Download