3396ffc08fe610326f38ef0166b82ec7a6cb80d3e875dac8a3528a2392f7c158

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 22:37

Target

40bebbd873e4916eb3fdefe8c4c091df.exe
Size

9KB
MD5

40bebbd873e4916eb3fdefe8c4c091df
SHA1

bd6a3e3926c3cc84141cd4c83cb13e61457eb3c1
SHA256

3396ffc08fe610326f38ef0166b82ec7a6cb80d3e875dac8a3528a2392f7c158
SHA512

8394cd418f56382573c21e3973255b136f805d165830010052cd057f5c8ac23e292d8eb14d7a3276bac59c25d3547b6ea4cd8b79d85859365705c3b751ad26ab
SSDEEP

192:CnBksuvPY82gQv5F4AtkeMZZ3993VnjdwCzz3x9X:Cp82l4AtkeMvFnhwCfb

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	776	40bebbd873e4916eb3fdefe8c4c091df.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 776 wrote to memory of 2168	776	40bebbd873e4916eb3fdefe8c4c091df.exe	30
PID 776 wrote to memory of 2168	776	40bebbd873e4916eb3fdefe8c4c091df.exe	30
PID 776 wrote to memory of 2168	776	40bebbd873e4916eb3fdefe8c4c091df.exe	30

C:\Users\Admin\AppData\Local\Temp\40bebbd873e4916eb3fdefe8c4c091df.exe
"C:\Users\Admin\AppData\Local\Temp\40bebbd873e4916eb3fdefe8c4c091df.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:776
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 776 -s 904
  2⤵
  PID:2168

memory/776-0-0x0000000000190000-0x0000000000198000-memory.dmp

Filesize
32KB

Download
memory/776-1-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/776-2-0x000000001B240000-0x000000001B2C0000-memory.dmp

Filesize
512KB

Download
memory/776-3-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/776-4-0x000000001B240000-0x000000001B2C0000-memory.dmp

Filesize
512KB

Download