c711ef9e8d0e1e2744677f1d4c3fee46628931339e7eb28c5948b480d731d27b

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 06:45

Target

115ea506495646f70ee1d6eb53aa7ee2.exe
Size

9KB
MD5

115ea506495646f70ee1d6eb53aa7ee2
SHA1

b4c1296f49bc31831255ca906eefca2a904b263e
SHA256

c711ef9e8d0e1e2744677f1d4c3fee46628931339e7eb28c5948b480d731d27b
SHA512

aaff55c73ac54e27b71b20ce38a3765cf25d9c56be982aa94d1e1efc719b2a9514de447d2553a94cbe19919664180b9dc1fa288a9104c1aeec1afacff9b48129
SSDEEP

192:hBksuz9MuILR0eMZZ3O93VnjdwqzJ39i/ZR0u:Wls0eMiFnhwqdNsZu

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2436	115ea506495646f70ee1d6eb53aa7ee2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2588	2436	115ea506495646f70ee1d6eb53aa7ee2.exe	28
PID 2436 wrote to memory of 2588	2436	115ea506495646f70ee1d6eb53aa7ee2.exe	28
PID 2436 wrote to memory of 2588	2436	115ea506495646f70ee1d6eb53aa7ee2.exe	28

C:\Users\Admin\AppData\Local\Temp\115ea506495646f70ee1d6eb53aa7ee2.exe
"C:\Users\Admin\AppData\Local\Temp\115ea506495646f70ee1d6eb53aa7ee2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2436 -s 896
  2⤵
  PID:2588

memory/2436-0-0x0000000000010000-0x0000000000018000-memory.dmp

Filesize
32KB

Download
memory/2436-1-0x000007FEF52F0000-0x000007FEF5CDC000-memory.dmp

Filesize
9.9MB

Download
memory/2436-2-0x000000001B2C0000-0x000000001B340000-memory.dmp

Filesize
512KB

Download
memory/2436-3-0x000007FEF52F0000-0x000007FEF5CDC000-memory.dmp

Filesize
9.9MB

Download
memory/2436-4-0x000000001B2C0000-0x000000001B340000-memory.dmp

Filesize
512KB

Download