7af903f41f46f252876c68b364e55663d3cafe233a9a7383141aab9a5a718aa7

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 13:39

Target

a922916a45a057396638dc73e6ad3c61.exe
Size

9KB
MD5

a922916a45a057396638dc73e6ad3c61
SHA1

a6dfa887548eaa084c42b4be13ddfb117f981843
SHA256

7af903f41f46f252876c68b364e55663d3cafe233a9a7383141aab9a5a718aa7
SHA512

3f6f9e526a08e3b01baa899b80674762b81d2aaaf8d8dad84da176ad66a756a7d23f401ff51bd274998fe2e29c15c88d4a61e407cf095c8e1cb07f66fc5b5759
SSDEEP

192:9BksuDzHNQ+HJeMZZ3v93Vnjdwqzw3LsXx2b:SH7JeMJFnhwq0gXc

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2444	a922916a45a057396638dc73e6ad3c61.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2812	2444	a922916a45a057396638dc73e6ad3c61.exe	28
PID 2444 wrote to memory of 2812	2444	a922916a45a057396638dc73e6ad3c61.exe	28
PID 2444 wrote to memory of 2812	2444	a922916a45a057396638dc73e6ad3c61.exe	28

C:\Users\Admin\AppData\Local\Temp\a922916a45a057396638dc73e6ad3c61.exe
"C:\Users\Admin\AppData\Local\Temp\a922916a45a057396638dc73e6ad3c61.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2444 -s 904
  2⤵
  PID:2812

memory/2444-0-0x0000000000F10000-0x0000000000F18000-memory.dmp

Filesize
32KB

Download
memory/2444-1-0x000007FEF5A90000-0x000007FEF647C000-memory.dmp

Filesize
9.9MB

Download
memory/2444-2-0x000000001AFA0000-0x000000001B020000-memory.dmp

Filesize
512KB

Download
memory/2444-3-0x000007FEF5A90000-0x000007FEF647C000-memory.dmp

Filesize
9.9MB

Download
memory/2444-4-0x000000001AFA0000-0x000000001B020000-memory.dmp

Filesize
512KB

Download