74304575e12862d0c11c52ec8a981b941391e7e272fa253a62c612165ae78f8d

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11/01/2024, 14:24

Target

53c1a5745bbb153e47b87d8f9efa152f.exe
Size

9KB
MD5

53c1a5745bbb153e47b87d8f9efa152f
SHA1

23f0c8e4e9ba20b05760652a748351f2590ac910
SHA256

74304575e12862d0c11c52ec8a981b941391e7e272fa253a62c612165ae78f8d
SHA512

5c4308df9705807e5c685f22e4d48cbcc41ec95547c47604182cfa6db7f158b45e8b712308ad261ea4a9def4aa0d7c1934d91a3628208f550ab320d9d22bb4c7
SSDEEP

192:xBksurzHNQDGeMZZ3C93Vnjdwqz336QSvC:OH8GeMeFnhwqbqRv

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2224	53c1a5745bbb153e47b87d8f9efa152f.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2564	2224	53c1a5745bbb153e47b87d8f9efa152f.exe	30
PID 2224 wrote to memory of 2564	2224	53c1a5745bbb153e47b87d8f9efa152f.exe	30
PID 2224 wrote to memory of 2564	2224	53c1a5745bbb153e47b87d8f9efa152f.exe	30

C:\Users\Admin\AppData\Local\Temp\53c1a5745bbb153e47b87d8f9efa152f.exe
"C:\Users\Admin\AppData\Local\Temp\53c1a5745bbb153e47b87d8f9efa152f.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2224 -s 900
  2⤵
  PID:2564

memory/2224-0-0x0000000000F60000-0x0000000000F68000-memory.dmp

Filesize
32KB

Download
memory/2224-1-0x000007FEF5A20000-0x000007FEF640C000-memory.dmp

Filesize
9.9MB

Download
memory/2224-2-0x000000001B170000-0x000000001B1F0000-memory.dmp

Filesize
512KB

Download
memory/2224-3-0x000007FEF5A20000-0x000007FEF640C000-memory.dmp

Filesize
9.9MB

Download
memory/2224-4-0x000000001B170000-0x000000001B1F0000-memory.dmp

Filesize
512KB

Download