a4b628f37c3e8ad56fc0fa9064f81fbc4863280d8326f1fea1c6284af8f03617

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 07:08

Target

4ac4278f5d5ac539d7882059ba2788c3.exe
Size

9KB
MD5

4ac4278f5d5ac539d7882059ba2788c3
SHA1

bd04e888aeb213c86bb58d9c94f43aa334263d54
SHA256

a4b628f37c3e8ad56fc0fa9064f81fbc4863280d8326f1fea1c6284af8f03617
SHA512

4fa97fdc0297411109ec2c0e1083c3c2c1d9fa21286792fda91727fb345bfd232c258888330f344fb925da25322613886061fec142eb76e348581a1365ca7ac8
SSDEEP

192:aBksuzPY82gQv5F48tVeMZZ3C93VnjdwCzd3BIlU9:a82l48tVeM+FnhwCZ0

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3056	4ac4278f5d5ac539d7882059ba2788c3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 2608	3056	4ac4278f5d5ac539d7882059ba2788c3.exe	30
PID 3056 wrote to memory of 2608	3056	4ac4278f5d5ac539d7882059ba2788c3.exe	30
PID 3056 wrote to memory of 2608	3056	4ac4278f5d5ac539d7882059ba2788c3.exe	30

C:\Users\Admin\AppData\Local\Temp\4ac4278f5d5ac539d7882059ba2788c3.exe
"C:\Users\Admin\AppData\Local\Temp\4ac4278f5d5ac539d7882059ba2788c3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3056 -s 896
  2⤵
  PID:2608

memory/3056-0-0x00000000011B0000-0x00000000011B8000-memory.dmp

Filesize
32KB

Download
memory/3056-1-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/3056-2-0x0000000000DD0000-0x0000000000E50000-memory.dmp

Filesize
512KB

Download
memory/3056-3-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/3056-4-0x0000000000DD0000-0x0000000000E50000-memory.dmp

Filesize
512KB

Download