04e3f37cfd7e14503edbc3656e291e0dddb7f88bec2b8781e5abf7f8a1c762ab

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 07:35

Target

5cde32efaf89f095cafb46eb7ad600f4.exe
Size

9KB
MD5

5cde32efaf89f095cafb46eb7ad600f4
SHA1

5c887efbcfd8360249e47714d7ee1b98b78c8b7f
SHA256

04e3f37cfd7e14503edbc3656e291e0dddb7f88bec2b8781e5abf7f8a1c762ab
SHA512

cf931714d40a90368cae9601fdddd38d118bb9f5097b0200e8cd1416ba67ee0c00a74e4aef0e43a9bc9b76ae6b837cb8d0f1492c8ce3d3e48d5be566bf3be8b6
SSDEEP

192:+BksuXzHNQv3eMZZ3V93Vnjdwqzq3XuOXIa:RHo3eMHFnhwqGnuOXI

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3040	5cde32efaf89f095cafb46eb7ad600f4.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2268	3040	5cde32efaf89f095cafb46eb7ad600f4.exe	28
PID 3040 wrote to memory of 2268	3040	5cde32efaf89f095cafb46eb7ad600f4.exe	28
PID 3040 wrote to memory of 2268	3040	5cde32efaf89f095cafb46eb7ad600f4.exe	28

C:\Users\Admin\AppData\Local\Temp\5cde32efaf89f095cafb46eb7ad600f4.exe
"C:\Users\Admin\AppData\Local\Temp\5cde32efaf89f095cafb46eb7ad600f4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3040 -s 892
  2⤵
  PID:2268

memory/3040-0-0x0000000000A90000-0x0000000000A98000-memory.dmp

Filesize
32KB

Download
memory/3040-1-0x000007FEF5B40000-0x000007FEF652C000-memory.dmp

Filesize
9.9MB

Download
memory/3040-2-0x000000001AFC0000-0x000000001B040000-memory.dmp

Filesize
512KB

Download
memory/3040-3-0x000007FEF5B40000-0x000007FEF652C000-memory.dmp

Filesize
9.9MB

Download
memory/3040-4-0x000000001AFC0000-0x000000001B040000-memory.dmp

Filesize
512KB

Download