f0c882c6d59a7552800e017ee1e3e818837207a00cc767cf1ab35b2dc304feac

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 07:51

Target

7aecfc6867f9f7394002f34e528ed497.exe
Size

9KB
MD5

7aecfc6867f9f7394002f34e528ed497
SHA1

474098c43a70f099e429009c7b7b4262fdbcb067
SHA256

f0c882c6d59a7552800e017ee1e3e818837207a00cc767cf1ab35b2dc304feac
SHA512

ee39b6fab3726386bc45781167d1e5226033888e04e236bf63869445abf4a094ec98502408f38f0557219f0dfc82469a49667836a53189103b8bc6106d82822b
SSDEEP

192:YBksu/EXVwVqEeMZZ3h93VnjdwCzr3mHhJF:QVwsEeMTFnhwCX2HhJ

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2564	7aecfc6867f9f7394002f34e528ed497.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 2860	2564	7aecfc6867f9f7394002f34e528ed497.exe	28
PID 2564 wrote to memory of 2860	2564	7aecfc6867f9f7394002f34e528ed497.exe	28
PID 2564 wrote to memory of 2860	2564	7aecfc6867f9f7394002f34e528ed497.exe	28

C:\Users\Admin\AppData\Local\Temp\7aecfc6867f9f7394002f34e528ed497.exe
"C:\Users\Admin\AppData\Local\Temp\7aecfc6867f9f7394002f34e528ed497.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2564 -s 900
  2⤵
  PID:2860

memory/2564-0-0x0000000001250000-0x0000000001258000-memory.dmp

Filesize
32KB

Download
memory/2564-1-0x000007FEF5D80000-0x000007FEF676C000-memory.dmp

Filesize
9.9MB

Download
memory/2564-2-0x0000000000C70000-0x0000000000CF0000-memory.dmp

Filesize
512KB

Download
memory/2564-3-0x000007FEF5D80000-0x000007FEF676C000-memory.dmp

Filesize
9.9MB

Download
memory/2564-4-0x0000000000C70000-0x0000000000CF0000-memory.dmp

Filesize
512KB

Download