04dd3f1226499edac26623684b05e1964f0b3638cbb0ae876f7beb6be76f52e7

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
22/12/2023, 16:28

Target

f075c50fe0baa9bfa998101b0dd5b1e7.exe
Size

9KB
MD5

f075c50fe0baa9bfa998101b0dd5b1e7
SHA1

02eb33621960fa89909b7c009f68138a86e96958
SHA256

04dd3f1226499edac26623684b05e1964f0b3638cbb0ae876f7beb6be76f52e7
SHA512

c14a44fbc14f50c67f36a1e15a2814b94f06b59a29a17255388386d36647d5c83138ffd614a8805492ed793d9cdfc2c3163e3c86936993a9875583d8e5f2d5d3
SSDEEP

192:jBksuD9MuI7/eMZZ3L93Vnjdwqz23R3e:8lW/eMlFnhwqyh3

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2536	f075c50fe0baa9bfa998101b0dd5b1e7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2808	2536	f075c50fe0baa9bfa998101b0dd5b1e7.exe	30
PID 2536 wrote to memory of 2808	2536	f075c50fe0baa9bfa998101b0dd5b1e7.exe	30
PID 2536 wrote to memory of 2808	2536	f075c50fe0baa9bfa998101b0dd5b1e7.exe	30

C:\Users\Admin\AppData\Local\Temp\f075c50fe0baa9bfa998101b0dd5b1e7.exe
"C:\Users\Admin\AppData\Local\Temp\f075c50fe0baa9bfa998101b0dd5b1e7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2536
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2536 -s 900
  2⤵
  PID:2808

memory/2536-0-0x0000000000C50000-0x0000000000C58000-memory.dmp

Filesize
32KB

Download
memory/2536-1-0x000007FEF5350000-0x000007FEF5D3C000-memory.dmp

Filesize
9.9MB

Download
memory/2536-2-0x0000000000BC0000-0x0000000000C40000-memory.dmp

Filesize
512KB

Download
memory/2536-3-0x000007FEF5350000-0x000007FEF5D3C000-memory.dmp

Filesize
9.9MB

Download
memory/2536-4-0x0000000000BC0000-0x0000000000C40000-memory.dmp

Filesize
512KB

Download