798ba1758bef9d7903cc7397d2daee187e1e13214c5dc298b4b9a4bf98ceadd0

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 09:34

Target

79e39d971d37d58b82a5e0f17a910d11.exe
Size

9KB
MD5

79e39d971d37d58b82a5e0f17a910d11
SHA1

4314ad6f447cc145468f68e7daed3958082ce144
SHA256

798ba1758bef9d7903cc7397d2daee187e1e13214c5dc298b4b9a4bf98ceadd0
SHA512

3ebd40a9504f12f7b5f8cecb3c6f839ed99fef1a0dca896a6b2915ce64bc14fdc4424992ff676a38cb7ff2a5aefcef50c437d81ffccf9be1dcb3d3629f244e42
SSDEEP

192:WBksuL9MuIafeMZZ3j93Vnjdwqzl373RZv:XlffeMlFnhwqpNZ

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2264	79e39d971d37d58b82a5e0f17a910d11.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 2292	2264	79e39d971d37d58b82a5e0f17a910d11.exe	28
PID 2264 wrote to memory of 2292	2264	79e39d971d37d58b82a5e0f17a910d11.exe	28
PID 2264 wrote to memory of 2292	2264	79e39d971d37d58b82a5e0f17a910d11.exe	28

C:\Users\Admin\AppData\Local\Temp\79e39d971d37d58b82a5e0f17a910d11.exe
"C:\Users\Admin\AppData\Local\Temp\79e39d971d37d58b82a5e0f17a910d11.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2264 -s 892
  2⤵
  PID:2292

memory/2264-0-0x0000000000270000-0x0000000000278000-memory.dmp

Filesize
32KB

Download
memory/2264-1-0x000007FEF53C0000-0x000007FEF5DAC000-memory.dmp

Filesize
9.9MB

Download
memory/2264-2-0x000000001B400000-0x000000001B480000-memory.dmp

Filesize
512KB

Download
memory/2264-3-0x000007FEF53C0000-0x000007FEF5DAC000-memory.dmp

Filesize
9.9MB

Download
memory/2264-4-0x000000001B400000-0x000000001B480000-memory.dmp

Filesize
512KB

Download