1f4131cfcfc29f3bf592378591456460c376888c8d538a91ea0a0da7276c3330

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 20:31

Target

11199498ca3dfc7310fe57f65ffb3c93.exe
Size

9KB
MD5

11199498ca3dfc7310fe57f65ffb3c93
SHA1

77b0e719cfeca91335bcd51def6ebbebf0b68794
SHA256

1f4131cfcfc29f3bf592378591456460c376888c8d538a91ea0a0da7276c3330
SHA512

b69a4f82487adc4f815917b1ab15380b29ec11eb9cdcd676439fb57b3d9e928fdcd953677f3fbdb1afc74e601526c28532c3c7a2a70e1b9d7a25cd3ece624bd5
SSDEEP

192:MBksu/EXVwV7HeMZZ3093VnjdwCzB3KQANKB:UVwpHeMoFnhwC99u

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1088	11199498ca3dfc7310fe57f65ffb3c93.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 2688	1088	11199498ca3dfc7310fe57f65ffb3c93.exe	28
PID 1088 wrote to memory of 2688	1088	11199498ca3dfc7310fe57f65ffb3c93.exe	28
PID 1088 wrote to memory of 2688	1088	11199498ca3dfc7310fe57f65ffb3c93.exe	28

C:\Users\Admin\AppData\Local\Temp\11199498ca3dfc7310fe57f65ffb3c93.exe
"C:\Users\Admin\AppData\Local\Temp\11199498ca3dfc7310fe57f65ffb3c93.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1088 -s 900
  2⤵
  PID:2688

memory/1088-0-0x0000000000F30000-0x0000000000F38000-memory.dmp

Filesize
32KB

Download
memory/1088-1-0x000007FEF5820000-0x000007FEF620C000-memory.dmp

Filesize
9.9MB

Download
memory/1088-2-0x000000001B180000-0x000000001B200000-memory.dmp

Filesize
512KB

Download
memory/1088-3-0x000007FEF5820000-0x000007FEF620C000-memory.dmp

Filesize
9.9MB

Download
memory/1088-4-0x000000001B180000-0x000000001B200000-memory.dmp

Filesize
512KB

Download