4aa5a7307dc01cef08c528af6736c7850d4b84d0d66cb3a9dba52920b220d42e

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 20:47

Target

1c229eb072e0e7888a145603bca41e5e.exe
Size

9KB
MD5

1c229eb072e0e7888a145603bca41e5e
SHA1

322952f7a9627d53ce295b5cf3e74baff62d33ae
SHA256

4aa5a7307dc01cef08c528af6736c7850d4b84d0d66cb3a9dba52920b220d42e
SHA512

5cb8b2a872c1f5dc1a87fb240911cdd54c96a0099728d1c38f512c310ec0384809e200a88f7a5a36e2f5755f8ddbd804b31847fdec1774074c843fcda3a2e11b
SSDEEP

192:QBksunPY82gQv5F4UtPeMZZ3s93VnjdwCzx3gmfIFE:c82l4UtPeMoFnhwCVEF

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2288	1c229eb072e0e7888a145603bca41e5e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2668	2288	1c229eb072e0e7888a145603bca41e5e.exe	28
PID 2288 wrote to memory of 2668	2288	1c229eb072e0e7888a145603bca41e5e.exe	28
PID 2288 wrote to memory of 2668	2288	1c229eb072e0e7888a145603bca41e5e.exe	28

C:\Users\Admin\AppData\Local\Temp\1c229eb072e0e7888a145603bca41e5e.exe
"C:\Users\Admin\AppData\Local\Temp\1c229eb072e0e7888a145603bca41e5e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2288 -s 896
  2⤵
  PID:2668

memory/2288-0-0x0000000000290000-0x0000000000298000-memory.dmp

Filesize
32KB

Download
memory/2288-1-0x000007FEF5550000-0x000007FEF5F3C000-memory.dmp

Filesize
9.9MB

Download
memory/2288-2-0x000000001B5A0000-0x000000001B620000-memory.dmp

Filesize
512KB

Download
memory/2288-3-0x000007FEF5550000-0x000007FEF5F3C000-memory.dmp

Filesize
9.9MB

Download
memory/2288-4-0x000000001B5A0000-0x000000001B620000-memory.dmp

Filesize
512KB

Download