6951546d27416c6a2b263e359cf7c939a203302167af2083217bddfa2f1c92ca

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 02:00

Target

4b21bbd20b874060f1617052e29672d1.exe
Size

54KB
MD5

4b21bbd20b874060f1617052e29672d1
SHA1

4210b1a409eb8c149d4961f8b447def0bddc1c4b
SHA256

6951546d27416c6a2b263e359cf7c939a203302167af2083217bddfa2f1c92ca
SHA512

1bb5643199afe875fcd7118c36c9985f6d9b037eafd672c4f8fcd2747d7aee6ec14a9524a4c36d7a2c546c9afc6d487501686953edb6fb2467f9b70a9cdd1ae3
SSDEEP

768:rFM63iyTCU+W7V1YFhsMsA8qnD14Cr67hYqxDGQhCb/7aJGjN:rF/3nnMFhsM8qDXr8QGJG5

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2544	1732	WerFault.exe	13

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1732	4b21bbd20b874060f1617052e29672d1.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2544	1732	4b21bbd20b874060f1617052e29672d1.exe	28
PID 1732 wrote to memory of 2544	1732	4b21bbd20b874060f1617052e29672d1.exe	28
PID 1732 wrote to memory of 2544	1732	4b21bbd20b874060f1617052e29672d1.exe	28
PID 1732 wrote to memory of 2544	1732	4b21bbd20b874060f1617052e29672d1.exe	28

C:\Users\Admin\AppData\Local\Temp\4b21bbd20b874060f1617052e29672d1.exe
"C:\Users\Admin\AppData\Local\Temp\4b21bbd20b874060f1617052e29672d1.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 1448
  2⤵
  - Program crash
  PID:2544

memory/1732-0-0x0000000000F40000-0x0000000000F52000-memory.dmp

Filesize
72KB

Download
memory/1732-2-0x0000000004AF0000-0x0000000004B30000-memory.dmp

Filesize
256KB

Download
memory/1732-1-0x0000000074970000-0x000000007505E000-memory.dmp

Filesize
6.9MB

Download
memory/1732-3-0x0000000074970000-0x000000007505E000-memory.dmp

Filesize
6.9MB

Download
memory/1732-38-0x0000000004AF0000-0x0000000004B30000-memory.dmp

Filesize
256KB

Download