062c542adf6381f22c833061876e124beb6a9915d69f97b09480e21c0942515f

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 09:51

Target

14f856720aa32c66d6e719b049a9b666.exe
Size

9KB
MD5

14f856720aa32c66d6e719b049a9b666
SHA1

7537c527693058069a55ea7f3226526b2f9c86b1
SHA256

062c542adf6381f22c833061876e124beb6a9915d69f97b09480e21c0942515f
SHA512

e5b8d0f871bb3d0dcf6873b2f7b111ee5a390e9fb5769ec5240e8a52d65f3a81c58d65e0a334bbea40986aaf8863b8a1ae03beabf9f89451e4f8972cfab7e2be
SSDEEP

192:RBksuHDUSOV2ocXeMZZ3893VnjdwCzW3qg3:UbXeMYFnhwCa6g

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2956	14f856720aa32c66d6e719b049a9b666.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2792	2956	14f856720aa32c66d6e719b049a9b666.exe	28
PID 2956 wrote to memory of 2792	2956	14f856720aa32c66d6e719b049a9b666.exe	28
PID 2956 wrote to memory of 2792	2956	14f856720aa32c66d6e719b049a9b666.exe	28

C:\Users\Admin\AppData\Local\Temp\14f856720aa32c66d6e719b049a9b666.exe
"C:\Users\Admin\AppData\Local\Temp\14f856720aa32c66d6e719b049a9b666.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2956 -s 892
  2⤵
  PID:2792

memory/2956-0-0x0000000000240000-0x0000000000248000-memory.dmp

Filesize
32KB

Download
memory/2956-1-0x000007FEF5990000-0x000007FEF637C000-memory.dmp

Filesize
9.9MB

Download
memory/2956-2-0x00000000006A0000-0x0000000000720000-memory.dmp

Filesize
512KB

Download
memory/2956-3-0x000007FEF5990000-0x000007FEF637C000-memory.dmp

Filesize
9.9MB

Download
memory/2956-4-0x00000000006A0000-0x0000000000720000-memory.dmp

Filesize
512KB

Download