9c6f7b61df874d5cbcbdd867474cdcff987091e87326144ebcfe4c124e5cbe80

Analysis

max time kernel
120s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 03:08

Target

0c83cec42254d496d9f1ae3a3792f3e5.exe
Size

9KB
MD5

0c83cec42254d496d9f1ae3a3792f3e5
SHA1

7e5e265ad6f82974e640b6daa727c46f46f595b6
SHA256

9c6f7b61df874d5cbcbdd867474cdcff987091e87326144ebcfe4c124e5cbe80
SHA512

40ac15245f3178caf73edf053a5bdc11538be2c3839aa2326e193c82f350bb5d5d004b3b1935ab4b8da7cee69732b98404df127610f678979b56dd23bd1d1a59
SSDEEP

192:fBksuXrN3y+tjeMZZ3m93VnjdwCz3321U495Pj:YZ3jeMKFnhwCToVzP

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1364	0c83cec42254d496d9f1ae3a3792f3e5.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 2744	1364	0c83cec42254d496d9f1ae3a3792f3e5.exe	30
PID 1364 wrote to memory of 2744	1364	0c83cec42254d496d9f1ae3a3792f3e5.exe	30
PID 1364 wrote to memory of 2744	1364	0c83cec42254d496d9f1ae3a3792f3e5.exe	30

C:\Users\Admin\AppData\Local\Temp\0c83cec42254d496d9f1ae3a3792f3e5.exe
"C:\Users\Admin\AppData\Local\Temp\0c83cec42254d496d9f1ae3a3792f3e5.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1364 -s 900
  2⤵
  PID:2744

memory/1364-0-0x00000000012C0000-0x00000000012C8000-memory.dmp

Filesize
32KB

Download
memory/1364-1-0x000007FEF5730000-0x000007FEF611C000-memory.dmp

Filesize
9.9MB

Download
memory/1364-2-0x000000001B1A0000-0x000000001B220000-memory.dmp

Filesize
512KB

Download
memory/1364-3-0x000007FEF5730000-0x000007FEF611C000-memory.dmp

Filesize
9.9MB

Download
memory/1364-4-0x000000001B1A0000-0x000000001B220000-memory.dmp

Filesize
512KB

Download