b437fae38685d44e8fd3c1aafb0fa4e3c0b2117003cc6a388d3b05a0ee021f8f

Analysis

max time kernel
119s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-12-2023 08:25

Target

11db8976bf75156cebc74e5e37698013.exe
Size

8KB
MD5

11db8976bf75156cebc74e5e37698013
SHA1

6dbbe85320d49190382db260efa100612f88772f
SHA256

b437fae38685d44e8fd3c1aafb0fa4e3c0b2117003cc6a388d3b05a0ee021f8f
SHA512

c4bdabe0a43fc8fa9a49dc30e7ddb8b655a61b582136bbfdda6d9015a01202d1a91b32fc18cf5b72ac0618ac12a1d6e612f667245088f4119d95b4772e633ab4
SSDEEP

96:wjTVzdEQpXYgA/2vZHtbxilif8KhCF7TCFRCFRCFJCFHCFzCFsCF/TU84RzNt:wLp342vnbH+BULz

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2000	2844	WerFault.exe	13

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2844	11db8976bf75156cebc74e5e37698013.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2000	2844	11db8976bf75156cebc74e5e37698013.exe	29
PID 2844 wrote to memory of 2000	2844	11db8976bf75156cebc74e5e37698013.exe	29
PID 2844 wrote to memory of 2000	2844	11db8976bf75156cebc74e5e37698013.exe	29
PID 2844 wrote to memory of 2000	2844	11db8976bf75156cebc74e5e37698013.exe	29

C:\Users\Admin\AppData\Local\Temp\11db8976bf75156cebc74e5e37698013.exe
"C:\Users\Admin\AppData\Local\Temp\11db8976bf75156cebc74e5e37698013.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 980
  2⤵
  - Program crash
  PID:2000

memory/2844-0-0x0000000000200000-0x0000000000208000-memory.dmp

Filesize
32KB

Download
memory/2844-1-0x0000000073EB0000-0x000000007459E000-memory.dmp

Filesize
6.9MB

Download
memory/2844-2-0x0000000000230000-0x0000000000270000-memory.dmp

Filesize
256KB

Download
memory/2844-3-0x0000000073EB0000-0x000000007459E000-memory.dmp

Filesize
6.9MB

Download
memory/2844-4-0x0000000000230000-0x0000000000270000-memory.dmp

Filesize
256KB

Download