ececb5d9a7a83abf153c9c9caf93b0659fc8b2bb317feaa1e678f98d9f36ebc3

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 22:33

Target

4ca010fb899a6fdbd37971146304201d.exe
Size

9KB
MD5

4ca010fb899a6fdbd37971146304201d
SHA1

eec405324e1f30b47d07ebd9971d9869fa8ecd6f
SHA256

ececb5d9a7a83abf153c9c9caf93b0659fc8b2bb317feaa1e678f98d9f36ebc3
SHA512

9c1ebcfceceebd96551923387a61cdc4f3399e3a0e9da80beaba3e33dafe1ae1cc24fb8c44ce9d5a00ad9bc4cc5a11288df675729f932216f7a40f195ce54d33
SSDEEP

192:GBksurEXVwVWweMZZ3V93VnjdwCz53riV:yVwoweM3FnhwClG

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1904	4ca010fb899a6fdbd37971146304201d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 2976	1904	4ca010fb899a6fdbd37971146304201d.exe	28
PID 1904 wrote to memory of 2976	1904	4ca010fb899a6fdbd37971146304201d.exe	28
PID 1904 wrote to memory of 2976	1904	4ca010fb899a6fdbd37971146304201d.exe	28

C:\Users\Admin\AppData\Local\Temp\4ca010fb899a6fdbd37971146304201d.exe
"C:\Users\Admin\AppData\Local\Temp\4ca010fb899a6fdbd37971146304201d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1904 -s 892
  2⤵
  PID:2976

memory/1904-0-0x00000000012E0000-0x00000000012E8000-memory.dmp

Filesize
32KB

Download
memory/1904-1-0x000007FEF5EF0000-0x000007FEF68DC000-memory.dmp

Filesize
9.9MB

Download
memory/1904-2-0x000000001B440000-0x000000001B4C0000-memory.dmp

Filesize
512KB

Download
memory/1904-3-0x000007FEF5EF0000-0x000007FEF68DC000-memory.dmp

Filesize
9.9MB

Download
memory/1904-4-0x000000001B440000-0x000000001B4C0000-memory.dmp

Filesize
512KB

Download