49074bba6712263c6171d3bede12899c6b059661b7573c1d8e52bb432d585333

Analysis

max time kernel
121s
max time network
128s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25-01-2024 17:45

Target

75204057262a562f037ceda08883169b.exe
Size

9KB
MD5

75204057262a562f037ceda08883169b
SHA1

aaea0b60a7bde600e88c987c04e7e2ccf91ead3b
SHA256

49074bba6712263c6171d3bede12899c6b059661b7573c1d8e52bb432d585333
SHA512

97103e4bfc41120b1ebb2c2b1d20d41c4ba59584a9feefac7229ca2ad72ca02401b4f021e95707a555eba2258855e9d96217db95b732c4dcd399bd075bc11195
SSDEEP

192:VBksun9MuIBveMZZ3f93Vnjdwqznh3Ngrgt:+l4veMJFnhwqjhSrg

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

75204057262a562f037ceda08883169b.exe

description pid process

Token: SeDebugPrivilege 1824 75204057262a562f037ceda08883169b.exe

description	pid	process
Token: SeDebugPrivilege	1824	75204057262a562f037ceda08883169b.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

75204057262a562f037ceda08883169b.exe

description	pid	process	target process
PID 1824 wrote to memory of 2764	1824	75204057262a562f037ceda08883169b.exe	WerFault.exe
PID 1824 wrote to memory of 2764	1824	75204057262a562f037ceda08883169b.exe	WerFault.exe
PID 1824 wrote to memory of 2764	1824	75204057262a562f037ceda08883169b.exe	WerFault.exe

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1824 -s 892
2⤵
PID:2764

memory/1824-0-0x0000000000860000-0x0000000000868000-memory.dmp

Filesize
32KB

Download
memory/1824-1-0x000007FEF5820000-0x000007FEF620C000-memory.dmp

Filesize
9.9MB

Download
memory/1824-2-0x000000001B1A0000-0x000000001B220000-memory.dmp

Filesize
512KB

Download
memory/1824-3-0x000007FEF5820000-0x000007FEF620C000-memory.dmp

Filesize
9.9MB

Download
memory/1824-4-0x000000001B1A0000-0x000000001B220000-memory.dmp

Filesize
512KB

Download