f15887587358fdcf627c36036854f6150f46231caa9c067acc37e95115d2f5c0

Analysis

max time kernel
117s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 01:30

Target

22e7d7eaef930298587963b6b9462df9.exe
Size

5KB
MD5

22e7d7eaef930298587963b6b9462df9
SHA1

665cd75f37e0a9577899851e528cd9f2d320965f
SHA256

f15887587358fdcf627c36036854f6150f46231caa9c067acc37e95115d2f5c0
SHA512

9c551621f273955a52e9d0e1ceb9971b83a6d36c2891b91a05b6d204459a3916b99cf6aa14d826dbfd61ac20501634910132c2afbc5fe31d96c06d2c9b9adbeb
SSDEEP

48:6K9Yvuwg9KWxB4patCFWglUHX0Uj+bGyNz2AwuPC12uulKu9atqXSfbNtm:Eu3VxB4IKz++bGAKAwuK1Agu9aHzNt

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2320	22e7d7eaef930298587963b6b9462df9.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 1312	2320	22e7d7eaef930298587963b6b9462df9.exe	29
PID 2320 wrote to memory of 1312	2320	22e7d7eaef930298587963b6b9462df9.exe	29
PID 2320 wrote to memory of 1312	2320	22e7d7eaef930298587963b6b9462df9.exe	29

C:\Users\Admin\AppData\Local\Temp\22e7d7eaef930298587963b6b9462df9.exe
"C:\Users\Admin\AppData\Local\Temp\22e7d7eaef930298587963b6b9462df9.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2320 -s 868
  2⤵
  PID:1312

memory/2320-0-0x000000013F410000-0x000000013F416000-memory.dmp

Filesize
24KB

Download
memory/2320-1-0x000007FEF4FB0000-0x000007FEF599C000-memory.dmp

Filesize
9.9MB

Download
memory/2320-2-0x000000001BB40000-0x000000001BBC0000-memory.dmp

Filesize
512KB

Download
memory/2320-3-0x000007FEF4FB0000-0x000007FEF599C000-memory.dmp

Filesize
9.9MB

Download
memory/2320-4-0x000000001BB40000-0x000000001BBC0000-memory.dmp

Filesize
512KB

Download