93f5d53cbff88ca24d08fe65e0871c3dd07e316d834ae4da9ae22ef0b6e70789

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 03:25

Target

zzhx3xgq.exe
Size

1.5MB
MD5

a3e3d841cd7044897873378317693fdb
SHA1

80cbd7b77b0bedaa0f1cb80c007a45d84f5b0079
SHA256

89f4c5f07cb75c9a8859ffae41aadd4aa7da2fdea29e1241805a01ce317ca186
SHA512

9141fe371c73552bfba2412a2b9f3bed0ca7674da591b9fc0115dbc5d2a5b1439516d6b0dc7aefda1e03925adc894a29ef0179d7e65ca80afecbb43c8e96f1fd
SSDEEP

24576:Zrayc157T3W5JNaWm8oeGFhNzu60gDS0QOOuHbJ7mcx:ZcbQNA8oFFDD00QMHV7mcx

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3040	zzhx3xgq.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3040	zzhx3xgq.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3040 wrote to memory of 2784	3040	zzhx3xgq.exe	28
PID 3040 wrote to memory of 2784	3040	zzhx3xgq.exe	28
PID 3040 wrote to memory of 2784	3040	zzhx3xgq.exe	28

C:\Users\Admin\AppData\Local\Temp\zzhx3xgq.exe
"C:\Users\Admin\AppData\Local\Temp\zzhx3xgq.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3040 -s 1236
  2⤵
  PID:2784

memory/3040-0-0x0000000000440000-0x000000000047E000-memory.dmp

Filesize
248KB

Download
memory/3040-1-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/3040-2-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/3040-3-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/3040-4-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/3040-5-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/3040-9-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/3040-10-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/3040-11-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/3040-12-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download