fd9b60e830dbb5d864d5243a6826b16d0edc53b1e62df9532e2b56e784f7050d

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
17-01-2024 22:21

Target

63c22ca8cfaa5a7f9b367f231137a244.exe
Size

9KB
MD5

63c22ca8cfaa5a7f9b367f231137a244
SHA1

863b3b0c1185f9ed57f718b045792f8f1eee39c8
SHA256

fd9b60e830dbb5d864d5243a6826b16d0edc53b1e62df9532e2b56e784f7050d
SHA512

3bec92987b1583c8abd650e5c2bcd9c0787d1c39b3ce90f481e1f60874bc9c9692cdd2ae6ae8772d07b176813a0a65fb4a2dcbaf79c52628f79ad6e9a17c4429
SSDEEP

192:4Bksu/zHNQtEheMZZ3693VnjdwqzW3zApW:nHSEheMeFnhwqaDy

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1152	63c22ca8cfaa5a7f9b367f231137a244.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1152 wrote to memory of 2740	1152	63c22ca8cfaa5a7f9b367f231137a244.exe	28
PID 1152 wrote to memory of 2740	1152	63c22ca8cfaa5a7f9b367f231137a244.exe	28
PID 1152 wrote to memory of 2740	1152	63c22ca8cfaa5a7f9b367f231137a244.exe	28

C:\Users\Admin\AppData\Local\Temp\63c22ca8cfaa5a7f9b367f231137a244.exe
"C:\Users\Admin\AppData\Local\Temp\63c22ca8cfaa5a7f9b367f231137a244.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1152
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1152 -s 900
  2⤵
  PID:2740

memory/1152-0-0x00000000011E0000-0x00000000011E8000-memory.dmp

Filesize
32KB

Download
memory/1152-1-0x000007FEF5F60000-0x000007FEF694C000-memory.dmp

Filesize
9.9MB

Download
memory/1152-2-0x000000001A7B0000-0x000000001A830000-memory.dmp

Filesize
512KB

Download
memory/1152-3-0x000007FEF5F60000-0x000007FEF694C000-memory.dmp

Filesize
9.9MB

Download
memory/1152-4-0x000000001A7B0000-0x000000001A830000-memory.dmp

Filesize
512KB

Download