172db234d7311111e35210dbbb2f165ad3c94ed5ad471607eb97daec096d530e

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:56

Target

107fa7137100c1d1c7df573b1ff3dc16.exe
Size

9KB
MD5

107fa7137100c1d1c7df573b1ff3dc16
SHA1

9c96f531758028fbd1a484248b3c95681d13d0ef
SHA256

172db234d7311111e35210dbbb2f165ad3c94ed5ad471607eb97daec096d530e
SHA512

7494d8a6a45d7a0ca7669d2e60fc1a0ac0dbc426516ab4a93b51df58a3605b4c4c430e5db940b202e4c757cd778b925941d8e22a14ad3b6c4e36f3d63c979e61
SSDEEP

192:oBksuPrN3y+d8eMZZ3393VnjdwCzj3hyv:fZL8eMhFnhwCvx

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2724	107fa7137100c1d1c7df573b1ff3dc16.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 3064	2724	107fa7137100c1d1c7df573b1ff3dc16.exe	28
PID 2724 wrote to memory of 3064	2724	107fa7137100c1d1c7df573b1ff3dc16.exe	28
PID 2724 wrote to memory of 3064	2724	107fa7137100c1d1c7df573b1ff3dc16.exe	28

C:\Users\Admin\AppData\Local\Temp\107fa7137100c1d1c7df573b1ff3dc16.exe
"C:\Users\Admin\AppData\Local\Temp\107fa7137100c1d1c7df573b1ff3dc16.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2724 -s 896
  2⤵
  PID:3064

memory/2724-0-0x0000000000830000-0x0000000000838000-memory.dmp

Filesize
32KB

Download
memory/2724-1-0x000007FEF5CF0000-0x000007FEF66DC000-memory.dmp

Filesize
9.9MB

Download
memory/2724-2-0x000000001B280000-0x000000001B300000-memory.dmp

Filesize
512KB

Download
memory/2724-3-0x000007FEF5CF0000-0x000007FEF66DC000-memory.dmp

Filesize
9.9MB

Download
memory/2724-4-0x000000001B280000-0x000000001B300000-memory.dmp

Filesize
512KB

Download