421f0c0edbad1fb0c8f62c53b05583272a695760cf4a942157f96a4d1eebe342

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 18:53

Target

72c920a711b6103f79b0bd890713b685.exe
Size

9KB
MD5

72c920a711b6103f79b0bd890713b685
SHA1

5f52464506613f258fc6942aa46fd9aef1eb203c
SHA256

421f0c0edbad1fb0c8f62c53b05583272a695760cf4a942157f96a4d1eebe342
SHA512

aad17facb779cc28d072cf065329be9c7c4a5250b9165046fa02a166e6806b6fb75f987a8ad4f402480fe8e359495e251e58de43f01adb873654d5a4efb312a6
SSDEEP

192:xBksunPY82gQv5F43tReMZZ3u93VnjdwCzP3pWzZ:j82l43tReMSFnhwCjS

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1752	72c920a711b6103f79b0bd890713b685.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2044	1752	72c920a711b6103f79b0bd890713b685.exe	28
PID 1752 wrote to memory of 2044	1752	72c920a711b6103f79b0bd890713b685.exe	28
PID 1752 wrote to memory of 2044	1752	72c920a711b6103f79b0bd890713b685.exe	28

C:\Users\Admin\AppData\Local\Temp\72c920a711b6103f79b0bd890713b685.exe
"C:\Users\Admin\AppData\Local\Temp\72c920a711b6103f79b0bd890713b685.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1752 -s 896
  2⤵
  PID:2044

memory/1752-0-0x00000000001E0000-0x00000000001E8000-memory.dmp

Filesize
32KB

Download
memory/1752-1-0x000007FEF5380000-0x000007FEF5D6C000-memory.dmp

Filesize
9.9MB

Download
memory/1752-2-0x0000000000220000-0x00000000002A0000-memory.dmp

Filesize
512KB

Download
memory/1752-3-0x000007FEF5380000-0x000007FEF5D6C000-memory.dmp

Filesize
9.9MB

Download
memory/1752-4-0x0000000000220000-0x00000000002A0000-memory.dmp

Filesize
512KB

Download