d50397506d7973d5deec25759bcab3e6ac0827e05f12b3d9ac909399dab70668

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 03:55

Target

5ee7aa22ae68137f2f0c668f535ebdcb.exe
Size

9KB
MD5

5ee7aa22ae68137f2f0c668f535ebdcb
SHA1

a3f5890a0990c90596b39a78b479456992773f47
SHA256

d50397506d7973d5deec25759bcab3e6ac0827e05f12b3d9ac909399dab70668
SHA512

fd8552b1cced4b41e9c5ba215465b0648efdb416ae0153963b6d9b09835ef4763f20f44fbcc88f84f8682c31f92cb0cb9a1b056e1f4eaf9f4b48810d34a15f20
SSDEEP

192:IGONBksurrN3y+cCeMZZ3F93VnjdwCzr3OqE1W:IGjZaCeMnFnhwC/eq6

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2156	5ee7aa22ae68137f2f0c668f535ebdcb.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 1164	2156	5ee7aa22ae68137f2f0c668f535ebdcb.exe	28
PID 2156 wrote to memory of 1164	2156	5ee7aa22ae68137f2f0c668f535ebdcb.exe	28
PID 2156 wrote to memory of 1164	2156	5ee7aa22ae68137f2f0c668f535ebdcb.exe	28

C:\Users\Admin\AppData\Local\Temp\5ee7aa22ae68137f2f0c668f535ebdcb.exe
"C:\Users\Admin\AppData\Local\Temp\5ee7aa22ae68137f2f0c668f535ebdcb.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2156 -s 892
  2⤵
  PID:1164

memory/2156-0-0x00000000008A0000-0x00000000008A8000-memory.dmp

Filesize
32KB

Download
memory/2156-1-0x000007FEF5800000-0x000007FEF61EC000-memory.dmp

Filesize
9.9MB

Download
memory/2156-2-0x000000001B520000-0x000000001B5A0000-memory.dmp

Filesize
512KB

Download
memory/2156-3-0x000007FEF5800000-0x000007FEF61EC000-memory.dmp

Filesize
9.9MB

Download
memory/2156-4-0x000000001B520000-0x000000001B5A0000-memory.dmp

Filesize
512KB

Download