0821ca98c306c5ac791e7fb80d81e5f8dc7d49f3bd88935561c1bc0d70821674

Analysis

max time kernel
239s
max time network
286s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 22:46

Target

16c23beea2ed64892ae33e3214dcd22e.exe
Size

22KB
MD5

16c23beea2ed64892ae33e3214dcd22e
SHA1

dc3a74fb3723160a2b80fd7adb6cc006b84f3c04
SHA256

0821ca98c306c5ac791e7fb80d81e5f8dc7d49f3bd88935561c1bc0d70821674
SHA512

cda51458e2f038ed8e03af4dad324866428f439b086ba7d5bd6f843d6d0aa91fa5294ccde00d7bbd331c5242ffec5bdf8f5b17c0594bbe4bcd3e0378145ff8dd
SSDEEP

384:I9azLT4M+GdozOWeLYRJkE6SesUynJ8Y/TISQk:IDM+GdozOWeLYR+EJPqYrz

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	588	16c23beea2ed64892ae33e3214dcd22e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 588 wrote to memory of 1972	588	16c23beea2ed64892ae33e3214dcd22e.exe	28
PID 588 wrote to memory of 1972	588	16c23beea2ed64892ae33e3214dcd22e.exe	28
PID 588 wrote to memory of 1972	588	16c23beea2ed64892ae33e3214dcd22e.exe	28

C:\Users\Admin\AppData\Local\Temp\16c23beea2ed64892ae33e3214dcd22e.exe
"C:\Users\Admin\AppData\Local\Temp\16c23beea2ed64892ae33e3214dcd22e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:588
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 588 -s 972
  2⤵
  PID:1972

memory/588-0-0x00000000009B0000-0x00000000009BC000-memory.dmp

Filesize
48KB

Download
memory/588-1-0x000007FEF56B0000-0x000007FEF609C000-memory.dmp

Filesize
9.9MB

Download
memory/588-2-0x000000001A850000-0x000000001A8D0000-memory.dmp

Filesize
512KB

Download
memory/588-3-0x000007FEF56B0000-0x000007FEF609C000-memory.dmp

Filesize
9.9MB

Download
memory/588-4-0x000000001A850000-0x000000001A8D0000-memory.dmp

Filesize
512KB

Download