9587e7ef82c4a8a5c1d013b14d4705c1683fa441292447fe030bc936ccf8d5f6

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 18:48

Target

51538cc5c14b5b1fc765b2c4393f137b.exe
Size

9KB
MD5

51538cc5c14b5b1fc765b2c4393f137b
SHA1

59f5d3eb275da65dcc9b36a8d3652055fc6df8f3
SHA256

9587e7ef82c4a8a5c1d013b14d4705c1683fa441292447fe030bc936ccf8d5f6
SHA512

c19153cead744133465f9df40c9b692914ef8c8268893df5422d4ff67f794eaae6560d357c1ce81dcfa043cb94ccfb574da72f07df4b9f3a0f83fb60753e2b40
SSDEEP

192:6Bksu/rN3y+xLeMZZ3293VnjdwCz73l89m:FZLLeMaFnhwC329

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	51538cc5c14b5b1fc765b2c4393f137b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2524	2208	51538cc5c14b5b1fc765b2c4393f137b.exe	30
PID 2208 wrote to memory of 2524	2208	51538cc5c14b5b1fc765b2c4393f137b.exe	30
PID 2208 wrote to memory of 2524	2208	51538cc5c14b5b1fc765b2c4393f137b.exe	30

C:\Users\Admin\AppData\Local\Temp\51538cc5c14b5b1fc765b2c4393f137b.exe
"C:\Users\Admin\AppData\Local\Temp\51538cc5c14b5b1fc765b2c4393f137b.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2208 -s 900
  2⤵
  PID:2524

memory/2208-0-0x0000000000DA0000-0x0000000000DA8000-memory.dmp

Filesize
32KB

Download
memory/2208-1-0x000007FEF5A20000-0x000007FEF640C000-memory.dmp

Filesize
9.9MB

Download
memory/2208-2-0x0000000000710000-0x0000000000790000-memory.dmp

Filesize
512KB

Download
memory/2208-3-0x000007FEF5A20000-0x000007FEF640C000-memory.dmp

Filesize
9.9MB

Download
memory/2208-4-0x0000000000710000-0x0000000000790000-memory.dmp

Filesize
512KB

Download