98dae10ace8c85fb4778aebf9a2ece4d12c1f31988b068ca314c3905efe1741e

Analysis

max time kernel
142s
max time network
156s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
02-01-2024 00:51

Target

3e4dffb3db050f2787b7ff6f0327e134.exe
Size

9KB
MD5

3e4dffb3db050f2787b7ff6f0327e134
SHA1

5a2a0eb7fcf849053e00833b9320450a4f7696ec
SHA256

98dae10ace8c85fb4778aebf9a2ece4d12c1f31988b068ca314c3905efe1741e
SHA512

86b22663841d0d949b6170d90cd4b08f6cefd82e34bc9fa5328aa7bb872dcb8cae1995162ff4ccb47f7272159a52788497e69f2591c40b59bc694ff5ea80716f
SSDEEP

192:lBksuDEXVwV3HueMZZ3P93VnjdwCzF3pQQceX4:PVwRueMhFnhwCB5G4

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2616	3e4dffb3db050f2787b7ff6f0327e134.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 2240	2616	3e4dffb3db050f2787b7ff6f0327e134.exe	29
PID 2616 wrote to memory of 2240	2616	3e4dffb3db050f2787b7ff6f0327e134.exe	29
PID 2616 wrote to memory of 2240	2616	3e4dffb3db050f2787b7ff6f0327e134.exe	29

C:\Users\Admin\AppData\Local\Temp\3e4dffb3db050f2787b7ff6f0327e134.exe
"C:\Users\Admin\AppData\Local\Temp\3e4dffb3db050f2787b7ff6f0327e134.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2616 -s 904
  2⤵
  PID:2240

memory/2616-0-0x0000000001250000-0x0000000001258000-memory.dmp

Filesize
32KB

Download
memory/2616-1-0x000007FEF5C00000-0x000007FEF65EC000-memory.dmp

Filesize
9.9MB

Download
memory/2616-2-0x000007FEF5C00000-0x000007FEF65EC000-memory.dmp

Filesize
9.9MB

Download
memory/2616-3-0x000000001AD40000-0x000000001ADC0000-memory.dmp

Filesize
512KB

Download
memory/2616-4-0x000000001AD40000-0x000000001ADC0000-memory.dmp

Filesize
512KB

Download