e1523241c38bb59ef5aaac7740e8a39ae9f4e927613331bf9be6223a063bb798

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:02

Target

259275371176b5ddd0ec9364c09472b4.exe
Size

9KB
MD5

259275371176b5ddd0ec9364c09472b4
SHA1

09f36015053ea7fd7a6b10d33d207e3a3f5df67c
SHA256

e1523241c38bb59ef5aaac7740e8a39ae9f4e927613331bf9be6223a063bb798
SHA512

02e7bced53214ce32df17aefc25945ae241713e224ccff31a81d27ccd5accc1e6427a4e0a4b24864a2183b8354507ca57b10ca662fe734e440e5a6579f1d5c81
SSDEEP

192:/BksunPY82gQv5F4NtqeMZZ3L93VnjdwCzr3qCAHC:J82l4NtqeMlFnhwC/6vH

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2916	259275371176b5ddd0ec9364c09472b4.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 2728	2916	259275371176b5ddd0ec9364c09472b4.exe	28
PID 2916 wrote to memory of 2728	2916	259275371176b5ddd0ec9364c09472b4.exe	28
PID 2916 wrote to memory of 2728	2916	259275371176b5ddd0ec9364c09472b4.exe	28

C:\Users\Admin\AppData\Local\Temp\259275371176b5ddd0ec9364c09472b4.exe
"C:\Users\Admin\AppData\Local\Temp\259275371176b5ddd0ec9364c09472b4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2916 -s 904
  2⤵
  PID:2728

memory/2916-0-0x00000000012C0000-0x00000000012C8000-memory.dmp

Filesize
32KB

Download
memory/2916-1-0x000007FEF5B70000-0x000007FEF655C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-2-0x000000001B500000-0x000000001B580000-memory.dmp

Filesize
512KB

Download
memory/2916-3-0x000007FEF5B70000-0x000007FEF655C000-memory.dmp

Filesize
9.9MB

Download
memory/2916-4-0x000000001B500000-0x000000001B580000-memory.dmp

Filesize
512KB

Download