a26a1e106baf5efaf850352e932e69a5f2921921cc4fd7ffb81804cc78de8ae0

Analysis

max time kernel
118s
max time network
141s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22-12-2023 06:16

Target

74ea87634c37a1e6b9e90e80b4082e48.exe
Size

9KB
MD5

74ea87634c37a1e6b9e90e80b4082e48
SHA1

b76d24e1d29151635b42ca3c6af666f894807a65
SHA256

a26a1e106baf5efaf850352e932e69a5f2921921cc4fd7ffb81804cc78de8ae0
SHA512

c718f18a0111b99406dd5ac19e748bba59161c41b0e02b15b27b0951f258ac7b71a6e8b24541bb84d220a7224c866c933d42abf3d4ee7e96c34e79038527272d
SSDEEP

192:HBksun9MuIXYeMZZ3m93Vnjdwqzu3L9sCQSX:clqYeMSFnhwqyb9sCR

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2936	74ea87634c37a1e6b9e90e80b4082e48.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2768	2936	74ea87634c37a1e6b9e90e80b4082e48.exe	30
PID 2936 wrote to memory of 2768	2936	74ea87634c37a1e6b9e90e80b4082e48.exe	30
PID 2936 wrote to memory of 2768	2936	74ea87634c37a1e6b9e90e80b4082e48.exe	30

C:\Users\Admin\AppData\Local\Temp\74ea87634c37a1e6b9e90e80b4082e48.exe
"C:\Users\Admin\AppData\Local\Temp\74ea87634c37a1e6b9e90e80b4082e48.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2936
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2936 -s 900
  2⤵
  PID:2768

memory/2936-0-0x0000000000050000-0x0000000000058000-memory.dmp

Filesize
32KB

Download
memory/2936-1-0x000007FEF51D0000-0x000007FEF5BBC000-memory.dmp

Filesize
9.9MB

Download
memory/2936-2-0x0000000001EC0000-0x0000000001F40000-memory.dmp

Filesize
512KB

Download
memory/2936-3-0x000007FEF51D0000-0x000007FEF5BBC000-memory.dmp

Filesize
9.9MB

Download
memory/2936-4-0x0000000001EC0000-0x0000000001F40000-memory.dmp

Filesize
512KB

Download