1654f25e1e868a33620d3d86e5ff43e15b73ebd10707d0631c5f5033925d1e34

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 06:43

Target

76698f585455a4a9b5791ac5082bc068.exe
Size

9KB
MD5

76698f585455a4a9b5791ac5082bc068
SHA1

0a88ab4820fbbe201576687001eba427cd0ff908
SHA256

1654f25e1e868a33620d3d86e5ff43e15b73ebd10707d0631c5f5033925d1e34
SHA512

0d707b2692eef1b0d2fc2afce0b40dfbdfbe82426b6b0b443412bd4a7d71cbc54fe38565cd5a8cdd3ecf9e52d44721c027c719cebe60ae726bdb8325999506e3
SSDEEP

192:rBksuXm6N7oy1nOeMZZ3k93Vnjdwqzn3NTYZ+:f4xtOeM4FnhwqjdTO

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2760	76698f585455a4a9b5791ac5082bc068.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2760 wrote to memory of 2708	2760	76698f585455a4a9b5791ac5082bc068.exe	28
PID 2760 wrote to memory of 2708	2760	76698f585455a4a9b5791ac5082bc068.exe	28
PID 2760 wrote to memory of 2708	2760	76698f585455a4a9b5791ac5082bc068.exe	28

C:\Users\Admin\AppData\Local\Temp\76698f585455a4a9b5791ac5082bc068.exe
"C:\Users\Admin\AppData\Local\Temp\76698f585455a4a9b5791ac5082bc068.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2760
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2760 -s 896
  2⤵
  PID:2708

memory/2760-0-0x0000000000A10000-0x0000000000A18000-memory.dmp

Filesize
32KB

Download
memory/2760-1-0x000007FEF5C00000-0x000007FEF65EC000-memory.dmp

Filesize
9.9MB

Download
memory/2760-2-0x000000001B080000-0x000000001B100000-memory.dmp

Filesize
512KB

Download
memory/2760-3-0x000007FEF5C00000-0x000007FEF65EC000-memory.dmp

Filesize
9.9MB

Download
memory/2760-4-0x000000001B080000-0x000000001B100000-memory.dmp

Filesize
512KB

Download