a72b848f82da4565a0ef24a9fa77f8916229f643e2c82182ef2c7a0a35ef316a

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 09:58

Target

8331d0a3566e659573d255e03c7a478d.exe
Size

9KB
MD5

8331d0a3566e659573d255e03c7a478d
SHA1

8dd02248720126d70104bdc68d6bbea9857acf1c
SHA256

a72b848f82da4565a0ef24a9fa77f8916229f643e2c82182ef2c7a0a35ef316a
SHA512

8a79f281a936de1e493a1fd2981c17c09a8c98d37208e4a1949bc65eabb142f219d6db59fdd0776d9201ae512062948e5d31b3fc0508bbe9a797defdc1ce5bff
SSDEEP

192:exBksuXrN3y+AleMZZ3893VnjdwCz83NMGxF:DZWleMoFnhwCA9x

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2496	8331d0a3566e659573d255e03c7a478d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 1060	2496	8331d0a3566e659573d255e03c7a478d.exe	28
PID 2496 wrote to memory of 1060	2496	8331d0a3566e659573d255e03c7a478d.exe	28
PID 2496 wrote to memory of 1060	2496	8331d0a3566e659573d255e03c7a478d.exe	28

C:\Users\Admin\AppData\Local\Temp\8331d0a3566e659573d255e03c7a478d.exe
"C:\Users\Admin\AppData\Local\Temp\8331d0a3566e659573d255e03c7a478d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2496 -s 892
  2⤵
  PID:1060

memory/2496-0-0x0000000001060000-0x0000000001068000-memory.dmp

Filesize
32KB

Download
memory/2496-1-0x000007FEF5130000-0x000007FEF5B1C000-memory.dmp

Filesize
9.9MB

Download
memory/2496-2-0x000000001B2C0000-0x000000001B340000-memory.dmp

Filesize
512KB

Download
memory/2496-3-0x000007FEF5130000-0x000007FEF5B1C000-memory.dmp

Filesize
9.9MB

Download
memory/2496-4-0x000000001B2C0000-0x000000001B340000-memory.dmp

Filesize
512KB

Download