92c51c585672df9fc62a716c9e9e13bd1c5cea22bf0803a98442102af8a9eeea

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 06:11

Target

ca8aae34beefb29525e8d94c02e00e6f.exe
Size

11KB
MD5

ca8aae34beefb29525e8d94c02e00e6f
SHA1

aaddb87c71e8b39c2635887338614cf055ef6005
SHA256

92c51c585672df9fc62a716c9e9e13bd1c5cea22bf0803a98442102af8a9eeea
SHA512

1383d6a5deafa68666a932250954810fd069ae862cbf2a9fdea6022d32b7bc5a9b381ab8b4734b32c5f5edd753e1a641938e269a58b0c9635d7277b64cd7ce64
SSDEEP

192:bf0bT5u+V0G5j18okX/m5gpEwil94rmuvelyz0w8gxVNa:bMf5u+1jqXPEwq9462Mjw8gLN

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2224	ca8aae34beefb29525e8d94c02e00e6f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 1944	2224	ca8aae34beefb29525e8d94c02e00e6f.exe	28
PID 2224 wrote to memory of 1944	2224	ca8aae34beefb29525e8d94c02e00e6f.exe	28
PID 2224 wrote to memory of 1944	2224	ca8aae34beefb29525e8d94c02e00e6f.exe	28

C:\Users\Admin\AppData\Local\Temp\ca8aae34beefb29525e8d94c02e00e6f.exe
"C:\Users\Admin\AppData\Local\Temp\ca8aae34beefb29525e8d94c02e00e6f.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2224 -s 960
  2⤵
  PID:1944

memory/2224-0-0x0000000000090000-0x000000000009A000-memory.dmp

Filesize
40KB

Download
memory/2224-1-0x000007FEF5970000-0x000007FEF635C000-memory.dmp

Filesize
9.9MB

Download
memory/2224-2-0x000000001A750000-0x000000001A7D0000-memory.dmp

Filesize
512KB

Download
memory/2224-3-0x000007FEF5970000-0x000007FEF635C000-memory.dmp

Filesize
9.9MB

Download
memory/2224-4-0x000000001A750000-0x000000001A7D0000-memory.dmp

Filesize
512KB

Download