7599ac09241b8501eab6532f5f8afc33107c438ac6cdecada37d9806f7db3164

Analysis

max time kernel
121s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 02:07

Target

4b8481b52adcc4b3a76c06837810a0b3.exe
Size

9KB
MD5

4b8481b52adcc4b3a76c06837810a0b3
SHA1

2175cf80f2c4cb1309f61410a7de74d5c64657c1
SHA256

7599ac09241b8501eab6532f5f8afc33107c438ac6cdecada37d9806f7db3164
SHA512

85ff5a824aa17e2ad454cce9809b35ab0845c2d5541208ce2401cafffcc27703c8bbf8f4ac1673a08dfdb88c87d2082c498773cb725fc828ffc6628c44ae308f
SSDEEP

192:YBksuHm6N7oy1bzleMZZ3V93Vnjdwqzi3xS4:q4xZBeM/FnhwqWk

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2480	4b8481b52adcc4b3a76c06837810a0b3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2480 wrote to memory of 2600	2480	4b8481b52adcc4b3a76c06837810a0b3.exe	30
PID 2480 wrote to memory of 2600	2480	4b8481b52adcc4b3a76c06837810a0b3.exe	30
PID 2480 wrote to memory of 2600	2480	4b8481b52adcc4b3a76c06837810a0b3.exe	30

C:\Users\Admin\AppData\Local\Temp\4b8481b52adcc4b3a76c06837810a0b3.exe
"C:\Users\Admin\AppData\Local\Temp\4b8481b52adcc4b3a76c06837810a0b3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2480
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2480 -s 904
  2⤵
  PID:2600

memory/2480-0-0x0000000000190000-0x0000000000198000-memory.dmp

Filesize
32KB

Download
memory/2480-1-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2480-2-0x000000001AB80000-0x000000001AC00000-memory.dmp

Filesize
512KB

Download
memory/2480-3-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

Filesize
9.9MB

Download
memory/2480-4-0x000000001AB80000-0x000000001AC00000-memory.dmp

Filesize
512KB

Download