b5d5415e7c5ed5dbf6c582c9373e863a620b817e8f8966aa457a5d8f92a560ba

Analysis

max time kernel
117s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 12:12

Target

6d804bacd346ae50fae11ced2b804d72.exe
Size

9KB
MD5

6d804bacd346ae50fae11ced2b804d72
SHA1

d93ee90ef222f2643e2d469f868ed2f47cfa599b
SHA256

b5d5415e7c5ed5dbf6c582c9373e863a620b817e8f8966aa457a5d8f92a560ba
SHA512

5c1f3a10f4fd0b8a8155f47ccf0b12049f90b89c9cd19716cfe50cabff83448dbc63e60b743e9769c72c19df7eda9419a59733e1f8f0ff22362b276cf2eee1b0
SSDEEP

192:EBksurEXVwVGYeMZZ3593VnjdwCzi3u5yMY:AVwgYeMDFnhwCueoM

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2832	6d804bacd346ae50fae11ced2b804d72.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2832 wrote to memory of 2928	2832	6d804bacd346ae50fae11ced2b804d72.exe	29
PID 2832 wrote to memory of 2928	2832	6d804bacd346ae50fae11ced2b804d72.exe	29
PID 2832 wrote to memory of 2928	2832	6d804bacd346ae50fae11ced2b804d72.exe	29

C:\Users\Admin\AppData\Local\Temp\6d804bacd346ae50fae11ced2b804d72.exe
"C:\Users\Admin\AppData\Local\Temp\6d804bacd346ae50fae11ced2b804d72.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2832
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2832 -s 908
  2⤵
  PID:2928

memory/2832-0-0x0000000000020000-0x0000000000028000-memory.dmp

Filesize
32KB

Download
memory/2832-1-0x000007FEF5B80000-0x000007FEF656C000-memory.dmp

Filesize
9.9MB

Download
memory/2832-2-0x000000001B020000-0x000000001B0A0000-memory.dmp

Filesize
512KB

Download
memory/2832-3-0x000007FEF5B80000-0x000007FEF656C000-memory.dmp

Filesize
9.9MB

Download
memory/2832-4-0x000000001B020000-0x000000001B0A0000-memory.dmp

Filesize
512KB

Download