30c0c5425085d5415b5f71372bc93161f3a525a7c62ade80a694ee92a860e154

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 09:28

Target

63cb6488aa82cf80ae4d88937731393e.exe
Size

9KB
MD5

63cb6488aa82cf80ae4d88937731393e
SHA1

093ccca9b2e8d6111798c8dbf12c0e2256955175
SHA256

30c0c5425085d5415b5f71372bc93161f3a525a7c62ade80a694ee92a860e154
SHA512

cb3245654bb64758c02814824a1dd2402306b94e4273da005c6ede326d8070999c94c1159e19d73ec8341201d545ed0ec118479e3c8216a0d4e117068af63313
SSDEEP

192:vBksuHrN3y+70eMZZ3X93VnjdwCzh30Y:YZR0eMpFnhwClE

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2352	63cb6488aa82cf80ae4d88937731393e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2352 wrote to memory of 1812	2352	63cb6488aa82cf80ae4d88937731393e.exe	28
PID 2352 wrote to memory of 1812	2352	63cb6488aa82cf80ae4d88937731393e.exe	28
PID 2352 wrote to memory of 1812	2352	63cb6488aa82cf80ae4d88937731393e.exe	28

C:\Users\Admin\AppData\Local\Temp\63cb6488aa82cf80ae4d88937731393e.exe
"C:\Users\Admin\AppData\Local\Temp\63cb6488aa82cf80ae4d88937731393e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2352
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2352 -s 900
  2⤵
  PID:1812

memory/2352-0-0x00000000003D0000-0x00000000003D8000-memory.dmp

Filesize
32KB

Download
memory/2352-1-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

Filesize
9.9MB

Download
memory/2352-2-0x000000001B1D0000-0x000000001B250000-memory.dmp

Filesize
512KB

Download
memory/2352-3-0x000007FEF5BA0000-0x000007FEF658C000-memory.dmp

Filesize
9.9MB

Download
memory/2352-4-0x000000001B1D0000-0x000000001B250000-memory.dmp

Filesize
512KB

Download