0133a24c8537831520de96c6a7ea5bfc21b9a2984f7f83d8381e6c56b6668c08

Analysis

max time kernel
122s
max time network
133s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 14:21

Target

1b44e45c806cd27a97ea02a7d0a7c614.exe
Size

9KB
MD5

1b44e45c806cd27a97ea02a7d0a7c614
SHA1

f1ae62a8615ee2090e17b21f624cfcdc303e1b28
SHA256

0133a24c8537831520de96c6a7ea5bfc21b9a2984f7f83d8381e6c56b6668c08
SHA512

598e7112f435c586956bdae475de0d95c87b133244338b24b90e285f9f6f71af29be64a5e1a376d94d8c602d0614421c58256d6ec1811fba2d68e5227e32f954
SSDEEP

192:1VBksuz9MuIZKeMZZ3893VnjdwqzO3LmQ76:16lYKeMYFnhwqa7mQ7

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3028	1b44e45c806cd27a97ea02a7d0a7c614.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 3044	3028	1b44e45c806cd27a97ea02a7d0a7c614.exe	28
PID 3028 wrote to memory of 3044	3028	1b44e45c806cd27a97ea02a7d0a7c614.exe	28
PID 3028 wrote to memory of 3044	3028	1b44e45c806cd27a97ea02a7d0a7c614.exe	28

C:\Users\Admin\AppData\Local\Temp\1b44e45c806cd27a97ea02a7d0a7c614.exe
"C:\Users\Admin\AppData\Local\Temp\1b44e45c806cd27a97ea02a7d0a7c614.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3028 -s 896
  2⤵
  PID:3044

memory/3028-0-0x0000000000150000-0x0000000000158000-memory.dmp

Filesize
32KB

Download
memory/3028-1-0x000007FEF5AB0000-0x000007FEF649C000-memory.dmp

Filesize
9.9MB

Download
memory/3028-2-0x000000001B5C0000-0x000000001B640000-memory.dmp

Filesize
512KB

Download
memory/3028-3-0x000007FEF5AB0000-0x000007FEF649C000-memory.dmp

Filesize
9.9MB

Download
memory/3028-4-0x000000001B5C0000-0x000000001B640000-memory.dmp

Filesize
512KB

Download