8f9cfd72c3f30dce02a05621396db7e53beae281044a7535a5134adc800f47cb

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 13:12

Target

377867130e0928b9cc8948205b138353.exe
Size

9KB
MD5

377867130e0928b9cc8948205b138353
SHA1

04227971be1ff40d4fee7a238e034f225ea69d7b
SHA256

8f9cfd72c3f30dce02a05621396db7e53beae281044a7535a5134adc800f47cb
SHA512

5b7b38009f2fbeab488e7d609586e7934e7a831b0f85d9954b85235f6b6d9aeb4c40d601f6785eaa1ef5bbce59b678dfcc19494f0522a03a8cc7f988facd0904
SSDEEP

192:oBksuz9MuIgmeMZZ3Y93Vnjdwqzg3aUu7E:NlRmeMsFnhwqMtU

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1684	377867130e0928b9cc8948205b138353.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 2180	1684	377867130e0928b9cc8948205b138353.exe	28
PID 1684 wrote to memory of 2180	1684	377867130e0928b9cc8948205b138353.exe	28
PID 1684 wrote to memory of 2180	1684	377867130e0928b9cc8948205b138353.exe	28

C:\Users\Admin\AppData\Local\Temp\377867130e0928b9cc8948205b138353.exe
"C:\Users\Admin\AppData\Local\Temp\377867130e0928b9cc8948205b138353.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1684 -s 900
  2⤵
  PID:2180

memory/1684-0-0x0000000000380000-0x0000000000388000-memory.dmp

Filesize
32KB

Download
memory/1684-1-0x000007FEF5D70000-0x000007FEF675C000-memory.dmp

Filesize
9.9MB

Download
memory/1684-2-0x000000001B5D0000-0x000000001B650000-memory.dmp

Filesize
512KB

Download
memory/1684-3-0x000007FEF5D70000-0x000007FEF675C000-memory.dmp

Filesize
9.9MB

Download
memory/1684-4-0x000000001B5D0000-0x000000001B650000-memory.dmp

Filesize
512KB

Download