be08fbbc64c0fc3ab7a9287124098e3a2c3ed27a9026e30723bc727290cede7c

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 03:09

Target

0c88ab9f401acea1b7cb5122a1a6d921.exe
Size

9KB
MD5

0c88ab9f401acea1b7cb5122a1a6d921
SHA1

c27d714d1a0106cf3c520d9befe29c5f1f85d204
SHA256

be08fbbc64c0fc3ab7a9287124098e3a2c3ed27a9026e30723bc727290cede7c
SHA512

a343ee4793f7f7865afd8eee3aed7c08e1fc67cc086bd6b59da48e5e18654b5439aef815cc4db06b1548b7f8468508cf989d755ef006f79cc92a165e734651c2
SSDEEP

192:cVBksu/zHNQIjeMZZ3593VnjdwqzI3WXuRl:cWHrjeM7Fnhwq8L

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2324	0c88ab9f401acea1b7cb5122a1a6d921.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2972	2324	0c88ab9f401acea1b7cb5122a1a6d921.exe	28
PID 2324 wrote to memory of 2972	2324	0c88ab9f401acea1b7cb5122a1a6d921.exe	28
PID 2324 wrote to memory of 2972	2324	0c88ab9f401acea1b7cb5122a1a6d921.exe	28

C:\Users\Admin\AppData\Local\Temp\0c88ab9f401acea1b7cb5122a1a6d921.exe
"C:\Users\Admin\AppData\Local\Temp\0c88ab9f401acea1b7cb5122a1a6d921.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2324 -s 892
  2⤵
  PID:2972

memory/2324-0-0x00000000013B0000-0x00000000013B8000-memory.dmp

Filesize
32KB

Download
memory/2324-1-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2324-2-0x000000001B0D0000-0x000000001B150000-memory.dmp

Filesize
512KB

Download
memory/2324-3-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2324-4-0x000000001B0D0000-0x000000001B150000-memory.dmp

Filesize
512KB

Download