dc12b54de682c2a8c2d3fd6a55f18bddd89fd07712e3ff6d8b7708ec1aebae5d

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-01-2024 03:12

Target

55544531420f82af9644d6ace1f61331.exe
Size

9KB
MD5

55544531420f82af9644d6ace1f61331
SHA1

a30bf396f3490b1bad029b1c37c7b3b672770aae
SHA256

dc12b54de682c2a8c2d3fd6a55f18bddd89fd07712e3ff6d8b7708ec1aebae5d
SHA512

6b6de861d7fa7e224c191529bd69679576b1c7aa103b77e73d1eef993f96e849a64f2d2caf4d8a45f657638d12ac6be0d8349ced91438856b2b58fcaa8425e38
SSDEEP

192:SBksuPzHNQAePeMZZ3193Vnjdwqz613RT3:VHdePeMfFnhwq8B

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2076	55544531420f82af9644d6ace1f61331.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 3036	2076	55544531420f82af9644d6ace1f61331.exe	28
PID 2076 wrote to memory of 3036	2076	55544531420f82af9644d6ace1f61331.exe	28
PID 2076 wrote to memory of 3036	2076	55544531420f82af9644d6ace1f61331.exe	28

C:\Users\Admin\AppData\Local\Temp\55544531420f82af9644d6ace1f61331.exe
"C:\Users\Admin\AppData\Local\Temp\55544531420f82af9644d6ace1f61331.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2076 -s 900
  2⤵
  PID:3036

memory/2076-0-0x00000000011B0000-0x00000000011B8000-memory.dmp

Filesize
32KB

Download
memory/2076-1-0x000007FEF5E10000-0x000007FEF67FC000-memory.dmp

Filesize
9.9MB

Download
memory/2076-2-0x000000001B3E0000-0x000000001B460000-memory.dmp

Filesize
512KB

Download
memory/2076-3-0x000007FEF5E10000-0x000007FEF67FC000-memory.dmp

Filesize
9.9MB

Download
memory/2076-4-0x000000001B3E0000-0x000000001B460000-memory.dmp

Filesize
512KB

Download