3ec93ad265bf1dc7af17add6d3a00ac2cc2e5c2ba43cc2b583fedb06479b074e

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
08/01/2024, 06:32

Target

4ab0e59613a1033479119fe05dbe1812.exe
Size

47KB
MD5

4ab0e59613a1033479119fe05dbe1812
SHA1

0b257e4a6ecae57ac9e35fdbeaccaba26d57b344
SHA256

3ec93ad265bf1dc7af17add6d3a00ac2cc2e5c2ba43cc2b583fedb06479b074e
SHA512

cfd240e58d61db535085a73a98fa1f90031cfe1d867891c0b4a0ddf01752c62a7d83e1d042460f129625fc71c1979aa3b250725263b1f0b088cf800305b0e767
SSDEEP

768:tKkeeHgqyVdzHSNPcNNgSfBNy/YdRsEkN4JBdMQ9yy5Cln:tKMgosNgOBNquA43zgy50n

Score

7^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/2524-0-0x0000000000400000-0x000000000040E000-memory.dmp	upx
behavioral2/memory/2524-1-0x0000000000400000-0x000000000040E000-memory.dmp	upx

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4724	2524	WerFault.exe	14

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2524	4ab0e59613a1033479119fe05dbe1812.exe

C:\Users\Admin\AppData\Local\Temp\4ab0e59613a1033479119fe05dbe1812.exe
"C:\Users\Admin\AppData\Local\Temp\4ab0e59613a1033479119fe05dbe1812.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 380
  2⤵
  - Program crash
  PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 2524 -ip 2524
1⤵
PID:3864

memory/2524-0-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download
memory/2524-1-0x0000000000400000-0x000000000040E000-memory.dmp

Filesize
56KB

Download