b5b742e349988441a7207878c3f557ab954bbbd873a0b71348c17d41b64ae7a0

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 03:20

Target

2627f2902ab033ea3895e8c427c82f26.exe
Size

9KB
MD5

2627f2902ab033ea3895e8c427c82f26
SHA1

3977ec60c87e306ef621ae01e6db7c762265f78a
SHA256

b5b742e349988441a7207878c3f557ab954bbbd873a0b71348c17d41b64ae7a0
SHA512

ea45c67c8605ef760d22d9c5b0c028b2dbe63e17d4d53ee2e48a423c79cdf30611a7e62ef0866dbe51232cfc658a86d3d6db789018ef5915ddb6b04db7ac99f8
SSDEEP

192:WBksujPY82gQv5F40tzeMZZ3E93VnjdwCzp346FuIF7:+82l40tzeMoFnhwCtVFdF

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1444	2627f2902ab033ea3895e8c427c82f26.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1444 wrote to memory of 2940	1444	2627f2902ab033ea3895e8c427c82f26.exe	28
PID 1444 wrote to memory of 2940	1444	2627f2902ab033ea3895e8c427c82f26.exe	28
PID 1444 wrote to memory of 2940	1444	2627f2902ab033ea3895e8c427c82f26.exe	28

C:\Users\Admin\AppData\Local\Temp\2627f2902ab033ea3895e8c427c82f26.exe
"C:\Users\Admin\AppData\Local\Temp\2627f2902ab033ea3895e8c427c82f26.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1444
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1444 -s 896
  2⤵
  PID:2940

memory/1444-0-0x0000000000FC0000-0x0000000000FC8000-memory.dmp

Filesize
32KB

Download
memory/1444-1-0x000007FEF5F60000-0x000007FEF694C000-memory.dmp

Filesize
9.9MB

Download
memory/1444-2-0x000000001B440000-0x000000001B4C0000-memory.dmp

Filesize
512KB

Download
memory/1444-3-0x000007FEF5F60000-0x000007FEF694C000-memory.dmp

Filesize
9.9MB

Download
memory/1444-4-0x000000001B440000-0x000000001B4C0000-memory.dmp

Filesize
512KB

Download