06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231130-en
resource tags

arch:x64arch:x86image:win7-20231130-enlocale:en-usos:windows7-x64system
submitted
06-12-2023 15:28

Target

06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6.exe
Size

1.8MB
MD5

209ce9560ce534608415937ddc323a9c
SHA1

942b4c3123ca6bb9ecfc479bfb26a3768d3fc289
SHA256

06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6
SHA512

08272d48625a554fb23c7c1d17e1da8630aeb9757499dd0721d5243e95b8e515147de61184e33731f227d20ece80d7a11e378c6c06d42b8c076d03ff7a6adf0c
SSDEEP

24576:c+NXDnJ3U1BtHrVRtm3Aqa7HYdxTQt7zkpbJ7vDSKuSbksRlv1Munu155JPG:1J3oTLV+3zNQuV74SBRlvx8558

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2196	06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 2536	2196	06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6.exe	28
PID 2196 wrote to memory of 2536	2196	06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6.exe	28
PID 2196 wrote to memory of 2536	2196	06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6.exe	28

C:\Users\Admin\AppData\Local\Temp\06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6.exe
"C:\Users\Admin\AppData\Local\Temp\06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2196 -s 776
  2⤵
  PID:2536

memory/2196-0-0x000000013F4A0000-0x000000013F725000-memory.dmp

Filesize
2.5MB

Download
memory/2196-1-0x000000013F4A0000-0x000000013F725000-memory.dmp

Filesize
2.5MB

Download
memory/2196-2-0x0000000001F60000-0x0000000001F9E000-memory.dmp

Filesize
248KB

Download
memory/2196-3-0x000007FEF5B10000-0x000007FEF64FC000-memory.dmp

Filesize
9.9MB

Download
memory/2196-4-0x0000000002A80000-0x0000000002B00000-memory.dmp

Filesize
512KB

Download
memory/2196-5-0x0000000002A80000-0x0000000002B00000-memory.dmp

Filesize
512KB

Download
memory/2196-6-0x0000000002A80000-0x0000000002B00000-memory.dmp

Filesize
512KB

Download
memory/2196-11-0x0000000002A80000-0x0000000002B00000-memory.dmp

Filesize
512KB

Download
memory/2196-12-0x000000013F4A0000-0x000000013F725000-memory.dmp

Filesize
2.5MB

Download
memory/2196-13-0x000007FEF5B10000-0x000007FEF64FC000-memory.dmp

Filesize
9.9MB

Download
memory/2196-14-0x0000000002A80000-0x0000000002B00000-memory.dmp

Filesize
512KB

Download
memory/2196-15-0x0000000002A80000-0x0000000002B00000-memory.dmp

Filesize
512KB

Download
memory/2196-16-0x0000000002A80000-0x0000000002B00000-memory.dmp

Filesize
512KB

Download