78ab06d0be94cba15fbea0195d70b6a3f945a5bbc260a305f2f3fcc02b46a40d

Analysis

max time kernel
35s
max time network
63s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:59

Target

0654aed3df8239ec89b93d395cb8472e.exe
Size

9KB
MD5

0654aed3df8239ec89b93d395cb8472e
SHA1

9923904ae5358f802335f09cd3d0c20078d716cd
SHA256

78ab06d0be94cba15fbea0195d70b6a3f945a5bbc260a305f2f3fcc02b46a40d
SHA512

fb42cced09237b312caa81d30dc2c7867816d7a8f67ed0f2a2fb993aeb957512dbb31d2aa4f8bd9ad23b55af4f18dad9192364493b28b265957cfa77b2092ca7
SSDEEP

192:UFBksuLPY82gQv5F4ZtweMZZ3B93VnjdwCzK3OCIN:UT82l4ZtweMTFnhwCG+Z

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2120	0654aed3df8239ec89b93d395cb8472e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 2628	2120	0654aed3df8239ec89b93d395cb8472e.exe	30
PID 2120 wrote to memory of 2628	2120	0654aed3df8239ec89b93d395cb8472e.exe	30
PID 2120 wrote to memory of 2628	2120	0654aed3df8239ec89b93d395cb8472e.exe	30

C:\Users\Admin\AppData\Local\Temp\0654aed3df8239ec89b93d395cb8472e.exe
"C:\Users\Admin\AppData\Local\Temp\0654aed3df8239ec89b93d395cb8472e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2120 -s 908
  2⤵
  PID:2628

memory/2120-0-0x00000000013D0000-0x00000000013D8000-memory.dmp

Filesize
32KB

Download
memory/2120-1-0x000007FEF5120000-0x000007FEF5B0C000-memory.dmp

Filesize
9.9MB

Download
memory/2120-2-0x0000000000450000-0x00000000004D0000-memory.dmp

Filesize
512KB

Download
memory/2120-3-0x000007FEF5120000-0x000007FEF5B0C000-memory.dmp

Filesize
9.9MB

Download
memory/2120-4-0x0000000000450000-0x00000000004D0000-memory.dmp

Filesize
512KB

Download