6d5142129c534518311aa48397dfa87d3cf29a26ffb15ab37f47d1c92aa97713

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 10:33

Target

160b47d0190792ca7b31463dfea3bfb6.exe
Size

9KB
MD5

160b47d0190792ca7b31463dfea3bfb6
SHA1

19b54a5b4a5c047a779997d42dc9665f363833b5
SHA256

6d5142129c534518311aa48397dfa87d3cf29a26ffb15ab37f47d1c92aa97713
SHA512

f1300c62cf38e1adbd19c95e0839009a17a7709155671a7193dac9e639fd673e0817f503e0f15a612c98e94d9db5189230157eaf3e82c8406c354c82392ed78b
SSDEEP

192:DBksuPEXVwVb6deMZZ3mb93VnjdwCzv3PQf:hVwN6deMiRFnhwCDfQ

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1732	160b47d0190792ca7b31463dfea3bfb6.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2936	1732	160b47d0190792ca7b31463dfea3bfb6.exe	28
PID 1732 wrote to memory of 2936	1732	160b47d0190792ca7b31463dfea3bfb6.exe	28
PID 1732 wrote to memory of 2936	1732	160b47d0190792ca7b31463dfea3bfb6.exe	28

C:\Users\Admin\AppData\Local\Temp\160b47d0190792ca7b31463dfea3bfb6.exe
"C:\Users\Admin\AppData\Local\Temp\160b47d0190792ca7b31463dfea3bfb6.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1732 -s 896
  2⤵
  PID:2936

memory/1732-0-0x00000000012F0000-0x00000000012F8000-memory.dmp

Filesize
32KB

Download
memory/1732-1-0x000007FEF5C50000-0x000007FEF663C000-memory.dmp

Filesize
9.9MB

Download
memory/1732-2-0x000000001B420000-0x000000001B4A0000-memory.dmp

Filesize
512KB

Download
memory/1732-3-0x000007FEF5C50000-0x000007FEF663C000-memory.dmp

Filesize
9.9MB

Download
memory/1732-4-0x000000001B420000-0x000000001B4A0000-memory.dmp

Filesize
512KB

Download