bdc3c1553bbc7656e1b1337b116c64ad5d3c6e92b9c59a88e8695c08cbd1a96e

Analysis

max time kernel
162s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 07:03

Target

55cc21ce1beae463a4a6a9c9296e29b8.exe
Size

27KB
MD5

55cc21ce1beae463a4a6a9c9296e29b8
SHA1

9ffa06a816471e53253f4403ecf254b3c61b4107
SHA256

bdc3c1553bbc7656e1b1337b116c64ad5d3c6e92b9c59a88e8695c08cbd1a96e
SHA512

5703e67e392fc670ebcad5431dbc966bc38e3fbe3003021bf9324e7da0e1c65f92dea81201910fcd7d77bd69b0ce3aad14ed5f353aa148a37e52fa558cd48241
SSDEEP

768:G8aKH1BMPGjlqVg19YILWjujkfEwAXKGomAoli3Lb:yKH1B0Gjlag17Wk2Ew2KG1A33n

Score

7^/10

Loads dropped DLL 1 IoCs

pid	Process
5028	regsvr32.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\rpcss.dll	regsvr32.exe
File created	C:\Windows\SysWOW64\t329155.ini	55cc21ce1beae463a4a6a9c9296e29b8.exe
File created	C:\Windows\SysWOW64\rpcss.dll	regsvr32.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2364	5028	WerFault.exe	95

Suspicious behavior: EnumeratesProcesses 6 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5028	regsvr32.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2692 wrote to memory of 716	2692	55cc21ce1beae463a4a6a9c9296e29b8.exe	93
PID 2692 wrote to memory of 716	2692	55cc21ce1beae463a4a6a9c9296e29b8.exe	93
PID 2692 wrote to memory of 716	2692	55cc21ce1beae463a4a6a9c9296e29b8.exe	93
PID 716 wrote to memory of 5028	716	cmd.exe	95
PID 716 wrote to memory of 5028	716	cmd.exe	95
PID 716 wrote to memory of 5028	716	cmd.exe	95

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 5028 -ip 5028
1⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\~~e5875e7.~~~

Filesize
612KB

MD5
9bae5cbb2ee273a7ac473bab0d1b1f72

SHA1
a5ed4005e20b83fcdc5497f41d777fb8260d5cb3

SHA256
d29ad5e7f4c4b4199a95fd1bb58889c48cb6b88c9185855a619e52d09e7c2b2c

SHA512
0bd92e8f49d7a7ca7f8a7b82d6e124ab2631848056a9cbb494d6f7fbc122f2cc9a323e97b624f88239005a26cb433594159bbe734890277b06b1ff0386a024ce

Download Submit