e85f5100be43921722cd80735afc7be936b44b083dea59ffc3d44b2ca51570fe

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:59

Target

0f544aa17d9f441ce6d129626ce5c67e.exe
Size

9KB
MD5

0f544aa17d9f441ce6d129626ce5c67e
SHA1

6edcf65b3637c611671431f9ad39c9ef232de86a
SHA256

e85f5100be43921722cd80735afc7be936b44b083dea59ffc3d44b2ca51570fe
SHA512

648df5c2a72d416b63bf02bb5a234f3b7854eef6e0ed79a17fa1907fdcd08c171088ec153b33dbc487d45b768e1110d7f90848a32a919f4f10a0d0c6d7edff9d
SSDEEP

192:0Bksuz9MuInDeMZZ3D93VnjdwqzN3/RdrT:Zl6DeMtFnhwqRvbr

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1712	0f544aa17d9f441ce6d129626ce5c67e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1712 wrote to memory of 2968	1712	0f544aa17d9f441ce6d129626ce5c67e.exe	28
PID 1712 wrote to memory of 2968	1712	0f544aa17d9f441ce6d129626ce5c67e.exe	28
PID 1712 wrote to memory of 2968	1712	0f544aa17d9f441ce6d129626ce5c67e.exe	28

C:\Users\Admin\AppData\Local\Temp\0f544aa17d9f441ce6d129626ce5c67e.exe
"C:\Users\Admin\AppData\Local\Temp\0f544aa17d9f441ce6d129626ce5c67e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1712
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1712 -s 900
  2⤵
  PID:2968

memory/1712-0-0x00000000009F0000-0x00000000009F8000-memory.dmp

Filesize
32KB

Download
memory/1712-1-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download
memory/1712-2-0x000000001A710000-0x000000001A790000-memory.dmp

Filesize
512KB

Download
memory/1712-3-0x000007FEF6100000-0x000007FEF6AEC000-memory.dmp

Filesize
9.9MB

Download
memory/1712-4-0x000000001A710000-0x000000001A790000-memory.dmp

Filesize
512KB

Download