21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231201-en
resource tags

arch:x64arch:x86image:win7-20231201-enlocale:en-usos:windows7-x64system
submitted
13-12-2023 01:40

Target

21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe
Size

51KB
MD5

7620ca719f502b7ca1d57d3c8a6992c7
SHA1

0548b3aa9ac9fc1781797e6717fa2b8d64309b0e
SHA256

21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f
SHA512

e855fa6c133191d0fc9e12fe146160e4d600fb9adb5ae498b70077695a46432856fe5ded034058957c711c507ace1ae07245075b86b006692073e42824e867f5
SSDEEP

768:88vmj2dB9pR016DBvV1I/Ptw9wyjeBw2MuDGEPAMxkE9s:88zB9pC16V91I9ryjeuj2xps

Score

3^/10

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2176 2088 WerFault.exe 21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe

description pid process

Token: SeDebugPrivilege 2088 21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe

pid	pid_target	process	target process
2176	2088	WerFault.exe	21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe

description	pid	process
Token: SeDebugPrivilege	2088	21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe

description	pid	process	target process
PID 2088 wrote to memory of 2176	2088	21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe	WerFault.exe
PID 2088 wrote to memory of 2176	2088	21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe	WerFault.exe
PID 2088 wrote to memory of 2176	2088	21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe	WerFault.exe
PID 2088 wrote to memory of 2176	2088	21c2a89d7532be43315dd9fcd99c2df41a756deab3197df2adcc6e82f46c074f.exe	WerFault.exe

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 940
2⤵
- Program crash
PID:2176

memory/2088-0-0x0000000000F70000-0x0000000000F7E000-memory.dmp

Filesize
56KB

Download
memory/2088-1-0x0000000074A10000-0x00000000750FE000-memory.dmp

Filesize
6.9MB

Download
memory/2088-2-0x0000000006FD0000-0x0000000007010000-memory.dmp

Filesize
256KB

Download
memory/2088-3-0x0000000074A10000-0x00000000750FE000-memory.dmp

Filesize
6.9MB

Download
memory/2088-4-0x0000000006FD0000-0x0000000007010000-memory.dmp

Filesize
256KB

Download