454ad62479218d6ef8670a6bfbc7866089cab04cb2fe2cb9de192879bbc3f841

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 13:46

Target

74d92607b47ef0078d9d9bed305f61cf.exe
Size

9KB
MD5

74d92607b47ef0078d9d9bed305f61cf
SHA1

9daaa1405ebf3ec2b7f34335764b5819e57ac42d
SHA256

454ad62479218d6ef8670a6bfbc7866089cab04cb2fe2cb9de192879bbc3f841
SHA512

42792d28c759d075571c2904a5f25fdbf604cdcd3a8512b755e443fc52ccb32c36c6f359d9030fd19cf94d6f1b7134239bd5bcbc16f6ddf81a224c66278495e1
SSDEEP

192:JBksuXrN3y+82eMZZ3R93VnjdwCzu3yzzu12HP:eZW2eMTFnhwCSizzuQ

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1392	74d92607b47ef0078d9d9bed305f61cf.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1392 wrote to memory of 2076	1392	74d92607b47ef0078d9d9bed305f61cf.exe	28
PID 1392 wrote to memory of 2076	1392	74d92607b47ef0078d9d9bed305f61cf.exe	28
PID 1392 wrote to memory of 2076	1392	74d92607b47ef0078d9d9bed305f61cf.exe	28

C:\Users\Admin\AppData\Local\Temp\74d92607b47ef0078d9d9bed305f61cf.exe
"C:\Users\Admin\AppData\Local\Temp\74d92607b47ef0078d9d9bed305f61cf.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1392
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1392 -s 896
  2⤵
  PID:2076

memory/1392-0-0x0000000000950000-0x0000000000958000-memory.dmp

Filesize
32KB

Download
memory/1392-1-0x000007FEF5B40000-0x000007FEF652C000-memory.dmp

Filesize
9.9MB

Download
memory/1392-2-0x000000001B140000-0x000000001B1C0000-memory.dmp

Filesize
512KB

Download
memory/1392-3-0x000007FEF5B40000-0x000007FEF652C000-memory.dmp

Filesize
9.9MB

Download
memory/1392-4-0x000000001B140000-0x000000001B1C0000-memory.dmp

Filesize
512KB

Download