997e12ff13b6c5fa06d85b5c0bc4d1c26a53c74a6fd364b4ec499c41b978a08c

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 14:10

Target

7271ad16f74b8ec38dc683e50c05f296.exe
Size

74KB
MD5

7271ad16f74b8ec38dc683e50c05f296
SHA1

40850b93fb55672375ffabcb32d4952a31acd213
SHA256

997e12ff13b6c5fa06d85b5c0bc4d1c26a53c74a6fd364b4ec499c41b978a08c
SHA512

a23c903fdd15318de9f9eee48bfe258832ee00143c9b6da7ade0998291616536458fdf7b7efc88208bd2d67b7f2230d107af358b5f6105238d6e03203a215398
SSDEEP

192:Bn8L358rH+t+K3UgmOkbWEvec/5eWJeLBSSZRtoAUntgSE1:Bn8LJ8rHO73HkiEvec/psByAUntgS

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2340	2640	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2640	7271ad16f74b8ec38dc683e50c05f296.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2640 wrote to memory of 2340	2640	7271ad16f74b8ec38dc683e50c05f296.exe	28
PID 2640 wrote to memory of 2340	2640	7271ad16f74b8ec38dc683e50c05f296.exe	28
PID 2640 wrote to memory of 2340	2640	7271ad16f74b8ec38dc683e50c05f296.exe	28
PID 2640 wrote to memory of 2340	2640	7271ad16f74b8ec38dc683e50c05f296.exe	28

C:\Users\Admin\AppData\Local\Temp\7271ad16f74b8ec38dc683e50c05f296.exe
"C:\Users\Admin\AppData\Local\Temp\7271ad16f74b8ec38dc683e50c05f296.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2640
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 1080
  2⤵
  - Program crash
  PID:2340

memory/2640-0-0x0000000000860000-0x0000000000878000-memory.dmp

Filesize
96KB

Download
memory/2640-1-0x0000000074730000-0x0000000074E1E000-memory.dmp

Filesize
6.9MB

Download
memory/2640-2-0x0000000004AD0000-0x0000000004B10000-memory.dmp

Filesize
256KB

Download
memory/2640-3-0x0000000074730000-0x0000000074E1E000-memory.dmp

Filesize
6.9MB

Download
memory/2640-4-0x0000000004AD0000-0x0000000004B10000-memory.dmp

Filesize
256KB

Download