9d36b416b855792052a8df54f169cebc5d7738aa6760519e04f5221d2c831135

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 15:33

Target

502b59c15f2e4745b870ba1acaf8d6f2.exe
Size

9KB
MD5

502b59c15f2e4745b870ba1acaf8d6f2
SHA1

47a117a27ad83fbf92bf1759847c007569e913da
SHA256

9d36b416b855792052a8df54f169cebc5d7738aa6760519e04f5221d2c831135
SHA512

cbf53c5b48fcc2ab2da4fc4cb649c28e9a61761397f386b5be37597c5208b8072b7868543499274de2672804b65e162c774edaeed461f59d8f36f51ee3e06b3e
SSDEEP

192:LBksuzPY82gQv5F4utBeMZZ3293VnjdwCz13Oz+:Z82l4utBeMqFnhwCJez

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2076	502b59c15f2e4745b870ba1acaf8d6f2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 2720	2076	502b59c15f2e4745b870ba1acaf8d6f2.exe	28
PID 2076 wrote to memory of 2720	2076	502b59c15f2e4745b870ba1acaf8d6f2.exe	28
PID 2076 wrote to memory of 2720	2076	502b59c15f2e4745b870ba1acaf8d6f2.exe	28

C:\Users\Admin\AppData\Local\Temp\502b59c15f2e4745b870ba1acaf8d6f2.exe
"C:\Users\Admin\AppData\Local\Temp\502b59c15f2e4745b870ba1acaf8d6f2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2076 -s 896
  2⤵
  PID:2720

memory/2076-0-0x0000000000850000-0x0000000000858000-memory.dmp

Filesize
32KB

Download
memory/2076-1-0x000007FEF5500000-0x000007FEF5EEC000-memory.dmp

Filesize
9.9MB

Download
memory/2076-2-0x000000001B4C0000-0x000000001B540000-memory.dmp

Filesize
512KB

Download
memory/2076-3-0x000007FEF5500000-0x000007FEF5EEC000-memory.dmp

Filesize
9.9MB

Download
memory/2076-4-0x000000001B4C0000-0x000000001B540000-memory.dmp

Filesize
512KB

Download