aee4034f10c8724f0278ec1c9548ea09fe688f6f6ab9c08ec3dbb01e1942837e

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 22:32

Target

1e898d5a4caddaed0c634a2bebcb3f75.exe
Size

9KB
MD5

1e898d5a4caddaed0c634a2bebcb3f75
SHA1

00da72ed635b86b643a6b250470e33856786d07d
SHA256

aee4034f10c8724f0278ec1c9548ea09fe688f6f6ab9c08ec3dbb01e1942837e
SHA512

bbe74cc2d3a35e815b20120fda993a023f99c154b5e937734caa0d62d1201d3cb9b60d8e1143768346a4be0d20727b544f1812b683ff5b8bad6cefebabd282d8
SSDEEP

192:VBksuz9MuIs6eMZZ3g93VnjdwqzO3wZRnujp6:6lt6eMkFnhwqaAZxuj

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1992	1e898d5a4caddaed0c634a2bebcb3f75.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2828	1992	1e898d5a4caddaed0c634a2bebcb3f75.exe	28
PID 1992 wrote to memory of 2828	1992	1e898d5a4caddaed0c634a2bebcb3f75.exe	28
PID 1992 wrote to memory of 2828	1992	1e898d5a4caddaed0c634a2bebcb3f75.exe	28

C:\Users\Admin\AppData\Local\Temp\1e898d5a4caddaed0c634a2bebcb3f75.exe
"C:\Users\Admin\AppData\Local\Temp\1e898d5a4caddaed0c634a2bebcb3f75.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1992 -s 892
  2⤵
  PID:2828

memory/1992-0-0x0000000000AD0000-0x0000000000AD8000-memory.dmp

Filesize
32KB

Download
memory/1992-1-0x000007FEF5EC0000-0x000007FEF68AC000-memory.dmp

Filesize
9.9MB

Download
memory/1992-2-0x000000001B250000-0x000000001B2D0000-memory.dmp

Filesize
512KB

Download
memory/1992-3-0x000007FEF5EC0000-0x000007FEF68AC000-memory.dmp

Filesize
9.9MB

Download
memory/1992-4-0x000000001B250000-0x000000001B2D0000-memory.dmp

Filesize
512KB

Download