25e93a09dbcf6bbcfd4ab5e55798eccd5a8c1ebc1cd6e423716599237574899d

Analysis

max time kernel
118s
max time network
143s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 03:21

Target

4f70539c531aadf7f2cccda4a694fb3d.exe
Size

9KB
MD5

4f70539c531aadf7f2cccda4a694fb3d
SHA1

3b2e900fad129b2fb597302dc13c696599570374
SHA256

25e93a09dbcf6bbcfd4ab5e55798eccd5a8c1ebc1cd6e423716599237574899d
SHA512

0427ec60479f81682c96fc2bbcde37104f89964ac97829ceb3aece7fbdf060822d1d3d668e7bd242d674310218fd96d6d13e7055c3c90af99aa075409cb1b9af
SSDEEP

192:9BksuLPY82gQv5F4QtZeMZZ3+93VnjdwCzV3pMPnZ:L82l4QtZeMCFnhwCpCP

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2808	4f70539c531aadf7f2cccda4a694fb3d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 2300	2808	4f70539c531aadf7f2cccda4a694fb3d.exe	29
PID 2808 wrote to memory of 2300	2808	4f70539c531aadf7f2cccda4a694fb3d.exe	29
PID 2808 wrote to memory of 2300	2808	4f70539c531aadf7f2cccda4a694fb3d.exe	29

C:\Users\Admin\AppData\Local\Temp\4f70539c531aadf7f2cccda4a694fb3d.exe
"C:\Users\Admin\AppData\Local\Temp\4f70539c531aadf7f2cccda4a694fb3d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2808 -s 908
  2⤵
  PID:2300

memory/2808-0-0x0000000001370000-0x0000000001378000-memory.dmp

Filesize
32KB

Download
memory/2808-1-0x000007FEF5220000-0x000007FEF5C0C000-memory.dmp

Filesize
9.9MB

Download
memory/2808-2-0x000000001A830000-0x000000001A8B0000-memory.dmp

Filesize
512KB

Download
memory/2808-3-0x000007FEF5220000-0x000007FEF5C0C000-memory.dmp

Filesize
9.9MB

Download
memory/2808-4-0x000000001A830000-0x000000001A8B0000-memory.dmp

Filesize
512KB

Download