5d248b0bcc0cd6e7df433e32a862dbb6f3ffec369b18cf507d8068944badcc79

Analysis

max time kernel
121s
max time network
131s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:34

Target

1a2db84dd814f688cc24abcf513622fa.exe
Size

9KB
MD5

1a2db84dd814f688cc24abcf513622fa
SHA1

aa366981a5638ab30a39932b4ac554a25c609846
SHA256

5d248b0bcc0cd6e7df433e32a862dbb6f3ffec369b18cf507d8068944badcc79
SHA512

aea318b9e6c4b1faab92df58856e90f3db24be0d8c22b3b688cfd9c7dad9723b0b96755d345c89c1f2381397308d14b4a2d8950e93fd0652271ee6a3e0216880
SSDEEP

192:JNBksuXEXVwVGzeMZZ3M93VnjdwCzV3lwp:JzVw0zeMYFnhwCp1w

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1516	1a2db84dd814f688cc24abcf513622fa.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 2736	1516	1a2db84dd814f688cc24abcf513622fa.exe	28
PID 1516 wrote to memory of 2736	1516	1a2db84dd814f688cc24abcf513622fa.exe	28
PID 1516 wrote to memory of 2736	1516	1a2db84dd814f688cc24abcf513622fa.exe	28

C:\Users\Admin\AppData\Local\Temp\1a2db84dd814f688cc24abcf513622fa.exe
"C:\Users\Admin\AppData\Local\Temp\1a2db84dd814f688cc24abcf513622fa.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1516 -s 896
  2⤵
  PID:2736

memory/1516-0-0x0000000000F10000-0x0000000000F18000-memory.dmp

Filesize
32KB

Download
memory/1516-1-0x000007FEF5B60000-0x000007FEF654C000-memory.dmp

Filesize
9.9MB

Download
memory/1516-2-0x0000000000E80000-0x0000000000F00000-memory.dmp

Filesize
512KB

Download
memory/1516-3-0x000007FEF5B60000-0x000007FEF654C000-memory.dmp

Filesize
9.9MB

Download
memory/1516-4-0x0000000000E80000-0x0000000000F00000-memory.dmp

Filesize
512KB

Download