57522f8142970785629361eb74ed265cbe0f5de27dd70a8eda023e17bce860ca

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 21:17

Target

1cb6d08a9a8ca52b6c379536bf93c97c.exe
Size

9KB
MD5

1cb6d08a9a8ca52b6c379536bf93c97c
SHA1

dc67762ab8752495291c820c3387373c087c5150
SHA256

57522f8142970785629361eb74ed265cbe0f5de27dd70a8eda023e17bce860ca
SHA512

03c588b87a09d59df6b0af1777c86bd3739f6e1d24c924210dbf3054f2b70340c9df01b4b5e0309284f53cb6fa9ab6bc55ea23f61d2c49fb3847d4062d2dcfe6
SSDEEP

192:EBksuz9MuI82eMZZ3893Vnjdwqzx3hyhS:Jlt2eMYFnhwqtgh

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2896	1cb6d08a9a8ca52b6c379536bf93c97c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2256	2896	1cb6d08a9a8ca52b6c379536bf93c97c.exe	28
PID 2896 wrote to memory of 2256	2896	1cb6d08a9a8ca52b6c379536bf93c97c.exe	28
PID 2896 wrote to memory of 2256	2896	1cb6d08a9a8ca52b6c379536bf93c97c.exe	28

C:\Users\Admin\AppData\Local\Temp\1cb6d08a9a8ca52b6c379536bf93c97c.exe
"C:\Users\Admin\AppData\Local\Temp\1cb6d08a9a8ca52b6c379536bf93c97c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2896 -s 892
  2⤵
  PID:2256

memory/2896-0-0x0000000000C20000-0x0000000000C28000-memory.dmp

Filesize
32KB

Download
memory/2896-1-0x000007FEF5750000-0x000007FEF613C000-memory.dmp

Filesize
9.9MB

Download
memory/2896-2-0x0000000002040000-0x00000000020C0000-memory.dmp

Filesize
512KB

Download
memory/2896-3-0x000007FEF5750000-0x000007FEF613C000-memory.dmp

Filesize
9.9MB

Download
memory/2896-4-0x0000000002040000-0x00000000020C0000-memory.dmp

Filesize
512KB

Download