31458242423a6f24763850c588360b9e5a88cd1b2ac038843be271281583ae25

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 04:22

Target

6324aa1aa391254414684ec62a867956.exe
Size

9KB
MD5

6324aa1aa391254414684ec62a867956
SHA1

30866c59fb8f31f1dc686837fbf45836afbdb1d2
SHA256

31458242423a6f24763850c588360b9e5a88cd1b2ac038843be271281583ae25
SHA512

c319ee6d8ccf6679ee7e996287cc2fdfb1a3c30db880dad4781c0d2d5deff568af761eb5e0f21df66807d0231229e1485dd6160764ce9647a188cfc86e77c6fb
SSDEEP

192:tBksuHE7+goGwAeMZZ3GJ93VnjdwqznY3OOW:B2GwAeMK/FnhwqcT

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2176	6324aa1aa391254414684ec62a867956.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2664	2176	6324aa1aa391254414684ec62a867956.exe	28
PID 2176 wrote to memory of 2664	2176	6324aa1aa391254414684ec62a867956.exe	28
PID 2176 wrote to memory of 2664	2176	6324aa1aa391254414684ec62a867956.exe	28

C:\Users\Admin\AppData\Local\Temp\6324aa1aa391254414684ec62a867956.exe
"C:\Users\Admin\AppData\Local\Temp\6324aa1aa391254414684ec62a867956.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2176 -s 896
  2⤵
  PID:2664

memory/2176-0-0x00000000012B0000-0x00000000012B8000-memory.dmp

Filesize
32KB

Download
memory/2176-1-0x000007FEF5AB0000-0x000007FEF649C000-memory.dmp

Filesize
9.9MB

Download
memory/2176-2-0x000000001B5D0000-0x000000001B650000-memory.dmp

Filesize
512KB

Download
memory/2176-3-0x000007FEF5AB0000-0x000007FEF649C000-memory.dmp

Filesize
9.9MB

Download
memory/2176-4-0x000000001B5D0000-0x000000001B650000-memory.dmp

Filesize
512KB

Download