ca4e3e5242967da79a895c6035bdb5fce8412ff864e1ad2a7de7aa60d4732400

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:17

Target

0fccd3e45d3b29652b4e2b619843a48e.exe
Size

9KB
MD5

0fccd3e45d3b29652b4e2b619843a48e
SHA1

91e6d7091060c77d92c49baf7505c1e0f7386f7c
SHA256

ca4e3e5242967da79a895c6035bdb5fce8412ff864e1ad2a7de7aa60d4732400
SHA512

d032d42b50264958215ddd0451cc867a8ecfaeceff44fcb4d8515fa79d8fa86c5a9c6862bbb2797a9e825032f0015ec8e983691835a34e3ef197acfbf9cb97f4
SSDEEP

192:KBksun9MuItQeMZZ3+93VnjdwqzF3SoRZDi+:3lkQeMyFnhwqZbRti

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2732	0fccd3e45d3b29652b4e2b619843a48e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2480	2732	0fccd3e45d3b29652b4e2b619843a48e.exe	29
PID 2732 wrote to memory of 2480	2732	0fccd3e45d3b29652b4e2b619843a48e.exe	29
PID 2732 wrote to memory of 2480	2732	0fccd3e45d3b29652b4e2b619843a48e.exe	29

C:\Users\Admin\AppData\Local\Temp\0fccd3e45d3b29652b4e2b619843a48e.exe
"C:\Users\Admin\AppData\Local\Temp\0fccd3e45d3b29652b4e2b619843a48e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2732 -s 908
  2⤵
  PID:2480

memory/2732-0-0x0000000001370000-0x0000000001378000-memory.dmp

Filesize
32KB

Download
memory/2732-1-0x000007FEF54D0000-0x000007FEF5EBC000-memory.dmp

Filesize
9.9MB

Download
memory/2732-2-0x000000001B1B0000-0x000000001B230000-memory.dmp

Filesize
512KB

Download
memory/2732-3-0x000007FEF54D0000-0x000007FEF5EBC000-memory.dmp

Filesize
9.9MB

Download
memory/2732-4-0x000000001B1B0000-0x000000001B230000-memory.dmp

Filesize
512KB

Download