6abf8ba4cf7e8ddbdce67f99d4c8e3aabbd5117596cf04c35f65cbda2a47b035

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/01/2024, 12:58

Target

5685b8a515f3a691b988df23a4ac4a9c.exe
Size

9KB
MD5

5685b8a515f3a691b988df23a4ac4a9c
SHA1

d0116605938d9973bb8f75f2545b846b285ae53e
SHA256

6abf8ba4cf7e8ddbdce67f99d4c8e3aabbd5117596cf04c35f65cbda2a47b035
SHA512

57055212cc0fd9784ee2efa66e84d73e9265bda755cc03e493117d75e49a82d7c087f91adba392bbc5255eabef5186c4b324b917b5c2d94908f50aba82415abb
SSDEEP

192:lOpBksuHrN3y+VdeMZZ3E93VnjdwCzx3tcw:lrZHdeMoFnhwC9dc

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1064	5685b8a515f3a691b988df23a4ac4a9c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 2848	1064	5685b8a515f3a691b988df23a4ac4a9c.exe	28
PID 1064 wrote to memory of 2848	1064	5685b8a515f3a691b988df23a4ac4a9c.exe	28
PID 1064 wrote to memory of 2848	1064	5685b8a515f3a691b988df23a4ac4a9c.exe	28

C:\Users\Admin\AppData\Local\Temp\5685b8a515f3a691b988df23a4ac4a9c.exe
"C:\Users\Admin\AppData\Local\Temp\5685b8a515f3a691b988df23a4ac4a9c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1064
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1064 -s 900
  2⤵
  PID:2848

memory/1064-0-0x00000000010C0000-0x00000000010C8000-memory.dmp

Filesize
32KB

Download
memory/1064-1-0x000007FEF5E60000-0x000007FEF684C000-memory.dmp

Filesize
9.9MB

Download
memory/1064-2-0x0000000001020000-0x00000000010A0000-memory.dmp

Filesize
512KB

Download
memory/1064-3-0x000007FEF5E60000-0x000007FEF684C000-memory.dmp

Filesize
9.9MB

Download
memory/1064-4-0x0000000001020000-0x00000000010A0000-memory.dmp

Filesize
512KB

Download