64f9f3bbb59492b27016b3fbf816a9c25f1e150cbe002221eda4ce60abb27975

Analysis

max time kernel
117s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/01/2024, 18:21

Target

3d8bdc5e06e590917ceb7f05595c9c59.exe
Size

9KB
MD5

3d8bdc5e06e590917ceb7f05595c9c59
SHA1

cb3d3e59be75f22261f278a8594eb5e5dd2e863c
SHA256

64f9f3bbb59492b27016b3fbf816a9c25f1e150cbe002221eda4ce60abb27975
SHA512

0ddf6d4faf94e0ec1fa0f1ab229fb111e647f56c6f0bfe7a8578bce0eaec519a2dd5c9854d79991f9757de87cd4e192603eb743f244d94ea6b939332663ab5f4
SSDEEP

192:lBksubPY82gQv5F4ftCeMZZ3D93VnjdwCz993gxIAM8:D82l4ftCeMFFnhwCh9r

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2976	3d8bdc5e06e590917ceb7f05595c9c59.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 2240	2976	3d8bdc5e06e590917ceb7f05595c9c59.exe	28
PID 2976 wrote to memory of 2240	2976	3d8bdc5e06e590917ceb7f05595c9c59.exe	28
PID 2976 wrote to memory of 2240	2976	3d8bdc5e06e590917ceb7f05595c9c59.exe	28

C:\Users\Admin\AppData\Local\Temp\3d8bdc5e06e590917ceb7f05595c9c59.exe
"C:\Users\Admin\AppData\Local\Temp\3d8bdc5e06e590917ceb7f05595c9c59.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2976 -s 892
  2⤵
  PID:2240

memory/2976-0-0x0000000000EB0000-0x0000000000EB8000-memory.dmp

Filesize
32KB

Download
memory/2976-1-0x000007FEF5FC0000-0x000007FEF69AC000-memory.dmp

Filesize
9.9MB

Download
memory/2976-2-0x000000001B470000-0x000000001B4F0000-memory.dmp

Filesize
512KB

Download
memory/2976-3-0x000007FEF5FC0000-0x000007FEF69AC000-memory.dmp

Filesize
9.9MB

Download
memory/2976-4-0x000000001B470000-0x000000001B4F0000-memory.dmp

Filesize
512KB

Download