dd415efa6754c8bbab04671571637809ddcdec6a179932f16c0c8819efab1d82

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 07:56

Target

52f6cefaf2b93a55d56c91aa81f295f3.exe
Size

9KB
MD5

52f6cefaf2b93a55d56c91aa81f295f3
SHA1

ca623cb820dadf99659966ef49d13d8599362536
SHA256

dd415efa6754c8bbab04671571637809ddcdec6a179932f16c0c8819efab1d82
SHA512

2d1b950888f210787eb42de3556141e958d0c66e3c167a0c5661eb6a78b31bde4f2a4542318e37692e238acfb3d824ec6845fc619bedfacdb0590c37a8edd964
SSDEEP

192:NBksu/rN3y+CAyeMZZ3d93VnjdwCzB3L8UnKT9T:iZ/yeM/FnhwClkT

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3020	52f6cefaf2b93a55d56c91aa81f295f3.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 3044	3020	52f6cefaf2b93a55d56c91aa81f295f3.exe	28
PID 3020 wrote to memory of 3044	3020	52f6cefaf2b93a55d56c91aa81f295f3.exe	28
PID 3020 wrote to memory of 3044	3020	52f6cefaf2b93a55d56c91aa81f295f3.exe	28

C:\Users\Admin\AppData\Local\Temp\52f6cefaf2b93a55d56c91aa81f295f3.exe
"C:\Users\Admin\AppData\Local\Temp\52f6cefaf2b93a55d56c91aa81f295f3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3020 -s 896
  2⤵
  PID:3044

memory/3020-0-0x00000000010F0000-0x00000000010F8000-memory.dmp

Filesize
32KB

Download
memory/3020-1-0x000007FEF53E0000-0x000007FEF5DCC000-memory.dmp

Filesize
9.9MB

Download
memory/3020-2-0x000000001B120000-0x000000001B1A0000-memory.dmp

Filesize
512KB

Download
memory/3020-3-0x000007FEF53E0000-0x000007FEF5DCC000-memory.dmp

Filesize
9.9MB

Download
memory/3020-4-0x000000001B120000-0x000000001B1A0000-memory.dmp

Filesize
512KB

Download