d689c9722b0ceb904b2a3ffd4e308771085aae3ee4304f8e0cdbc03f70d0be7b

Analysis

max time kernel
120s
max time network
135s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 22:53

Target

421fe3a91a867e935be16c92528dc54d.exe
Size

9KB
MD5

421fe3a91a867e935be16c92528dc54d
SHA1

8de71cfec51c2d664b64dd29cfd8818b68ed1cb1
SHA256

d689c9722b0ceb904b2a3ffd4e308771085aae3ee4304f8e0cdbc03f70d0be7b
SHA512

9d69038f2c987179f4d0508fe875e4eb83cdb008a722384976e5b9a7973cf35ee6e543e67854a3b999eb23791660e7359562a30b37e752b6f9c3907dd150d59a
SSDEEP

192:dONBksuHzHNQ9GeMZZ3y93Vnjdwqzd3OCZT:d/HaGeMeFnhwqJeCZ

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2944	421fe3a91a867e935be16c92528dc54d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2944 wrote to memory of 1956	2944	421fe3a91a867e935be16c92528dc54d.exe	29
PID 2944 wrote to memory of 1956	2944	421fe3a91a867e935be16c92528dc54d.exe	29
PID 2944 wrote to memory of 1956	2944	421fe3a91a867e935be16c92528dc54d.exe	29

C:\Users\Admin\AppData\Local\Temp\421fe3a91a867e935be16c92528dc54d.exe
"C:\Users\Admin\AppData\Local\Temp\421fe3a91a867e935be16c92528dc54d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2944
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2944 -s 904
  2⤵
  PID:1956

memory/2944-0-0x0000000000820000-0x0000000000828000-memory.dmp

Filesize
32KB

Download
memory/2944-1-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/2944-2-0x000000001B1B0000-0x000000001B230000-memory.dmp

Filesize
512KB

Download
memory/2944-3-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/2944-4-0x000000001B1B0000-0x000000001B230000-memory.dmp

Filesize
512KB

Download