a0543707fca6806db9188ebcf7414b4998c4cad2589f731344bd4afa8d0c6ad4

Analysis

max time kernel
122s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 22:48

Target

413b16d130b62e3b82effc689d6de22b.exe
Size

9KB
MD5

413b16d130b62e3b82effc689d6de22b
SHA1

2fb1bb94689f026f01c26ef0860caeb06c49a474
SHA256

a0543707fca6806db9188ebcf7414b4998c4cad2589f731344bd4afa8d0c6ad4
SHA512

2deee9c4c1e677453a92087551160ad2c6237e40d8a1f3a611dbc5d10fbba60cd8883e23d2dd72df5deaf85f6a0e4f39e41028223e1af830d36db656f67f2a0c
SSDEEP

192:4BksuXEXVwVIQeMZZ3t93VnjdwCzS3YpSV:YVwOQeM3FnhwCuoY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3032	413b16d130b62e3b82effc689d6de22b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2672	3032	413b16d130b62e3b82effc689d6de22b.exe	28
PID 3032 wrote to memory of 2672	3032	413b16d130b62e3b82effc689d6de22b.exe	28
PID 3032 wrote to memory of 2672	3032	413b16d130b62e3b82effc689d6de22b.exe	28

C:\Users\Admin\AppData\Local\Temp\413b16d130b62e3b82effc689d6de22b.exe
"C:\Users\Admin\AppData\Local\Temp\413b16d130b62e3b82effc689d6de22b.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3032 -s 900
  2⤵
  PID:2672

memory/3032-0-0x0000000000AF0000-0x0000000000AF8000-memory.dmp

Filesize
32KB

Download
memory/3032-1-0x000007FEF52C0000-0x000007FEF5CAC000-memory.dmp

Filesize
9.9MB

Download
memory/3032-2-0x000000001A580000-0x000000001A600000-memory.dmp

Filesize
512KB

Download
memory/3032-3-0x000007FEF52C0000-0x000007FEF5CAC000-memory.dmp

Filesize
9.9MB

Download
memory/3032-4-0x000000001A580000-0x000000001A600000-memory.dmp

Filesize
512KB

Download