43e35bea8839b9ea66f37ec17e3ef77b22d1dcbcae597fcb082ac936398506d9

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 15:53

Target

2add40e1a72b368d297dfe0bdc56837f.exe
Size

9KB
MD5

2add40e1a72b368d297dfe0bdc56837f
SHA1

bfbbc99ca061441987dfdc78e46ef82552bffc89
SHA256

43e35bea8839b9ea66f37ec17e3ef77b22d1dcbcae597fcb082ac936398506d9
SHA512

97664d9174fea49e73c4189eb2c13285951a9a03088a3faf74a254b36b719ca1d4c1fa6e8307301cae070efbb882714ccaf17ca621385a0758eec5dc41b92cbd
SSDEEP

192:FONBksuPE7+goG7yeMZZ3C93VnjdwqzX383H+:FQ2G7yeM+FnhwqDM3H

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2664	2add40e1a72b368d297dfe0bdc56837f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2664 wrote to memory of 2712	2664	2add40e1a72b368d297dfe0bdc56837f.exe	28
PID 2664 wrote to memory of 2712	2664	2add40e1a72b368d297dfe0bdc56837f.exe	28
PID 2664 wrote to memory of 2712	2664	2add40e1a72b368d297dfe0bdc56837f.exe	28

C:\Users\Admin\AppData\Local\Temp\2add40e1a72b368d297dfe0bdc56837f.exe
"C:\Users\Admin\AppData\Local\Temp\2add40e1a72b368d297dfe0bdc56837f.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2664
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2664 -s 900
  2⤵
  PID:2712

memory/2664-0-0x0000000000D50000-0x0000000000D58000-memory.dmp

Filesize
32KB

Download
memory/2664-1-0x000007FEF5730000-0x000007FEF611C000-memory.dmp

Filesize
9.9MB

Download
memory/2664-2-0x000000001B140000-0x000000001B1C0000-memory.dmp

Filesize
512KB

Download
memory/2664-3-0x000007FEF5730000-0x000007FEF611C000-memory.dmp

Filesize
9.9MB

Download
memory/2664-4-0x000000001B140000-0x000000001B1C0000-memory.dmp

Filesize
512KB

Download