2802e829ceb8f30a8ee038582c372935d527e645dbc09386229d712b3c40547d

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 14:40

Target

3a1c9c8fcde74660b0e9c85eb9e803c1.exe
Size

9KB
MD5

3a1c9c8fcde74660b0e9c85eb9e803c1
SHA1

0e7f9b7f609a5c4f2ad9249b65684f4ce85f00ab
SHA256

2802e829ceb8f30a8ee038582c372935d527e645dbc09386229d712b3c40547d
SHA512

d382b4587d85e58a74e96924c8bfe7481bacdf0082d568d2c513ad70b7340b97eb93d77e7d1851d412c4d179bd240cba4b1717f7300f7b7e97d3137397dbf349
SSDEEP

192:bBksuvPY82gQv5F42tMeMZZ3N93VnjdwCzCk3HZJWO:N82l42tMeMPFnhwC+kXZJW

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2032	3a1c9c8fcde74660b0e9c85eb9e803c1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2684	2032	3a1c9c8fcde74660b0e9c85eb9e803c1.exe	29
PID 2032 wrote to memory of 2684	2032	3a1c9c8fcde74660b0e9c85eb9e803c1.exe	29
PID 2032 wrote to memory of 2684	2032	3a1c9c8fcde74660b0e9c85eb9e803c1.exe	29

C:\Users\Admin\AppData\Local\Temp\3a1c9c8fcde74660b0e9c85eb9e803c1.exe
"C:\Users\Admin\AppData\Local\Temp\3a1c9c8fcde74660b0e9c85eb9e803c1.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2032 -s 896
  2⤵
  PID:2684

memory/2032-0-0x00000000011E0000-0x00000000011E8000-memory.dmp

Filesize
32KB

Download
memory/2032-1-0x000007FEF5560000-0x000007FEF5F4C000-memory.dmp

Filesize
9.9MB

Download
memory/2032-2-0x0000000000B90000-0x0000000000C10000-memory.dmp

Filesize
512KB

Download
memory/2032-3-0x000007FEF5560000-0x000007FEF5F4C000-memory.dmp

Filesize
9.9MB

Download
memory/2032-4-0x0000000000B90000-0x0000000000C10000-memory.dmp

Filesize
512KB

Download