c900106031c99b3f4279b7d2020281a395c35a3a619cea4cee16de4b61adbd2a

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 09:21

Target

7cbf30013b88f506ee307cef81103d99.exe
Size

629KB
MD5

7cbf30013b88f506ee307cef81103d99
SHA1

c95cd9d397623fe0d51b38cae89a7d1e5ac792d8
SHA256

c900106031c99b3f4279b7d2020281a395c35a3a619cea4cee16de4b61adbd2a
SHA512

c5987d043645fdbfff0ed18801996748101d8768d2c4c9c10abf668a3489dc120dac1a7b4aa2726dbd66f8935a9b0b21c65dd6adbed4b69b020005d1de52043e
SSDEEP

12288:wVt+w8wyv/x66WoJfbO6NYwyzdFyMUKE2LDQtBxUagKe/WsGnKe1ZIuM:+t+w5yBDJfbjgTU/EDQTgKqPGDZb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1636	4140	WerFault.exe	84

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4140	7cbf30013b88f506ee307cef81103d99.exe

C:\Users\Admin\AppData\Local\Temp\7cbf30013b88f506ee307cef81103d99.exe
"C:\Users\Admin\AppData\Local\Temp\7cbf30013b88f506ee307cef81103d99.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4140
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 320
  2⤵
  - Program crash
  PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4140 -ip 4140
1⤵
PID:1032

memory/4140-0-0x0000000000A90000-0x0000000000BE0000-memory.dmp

Filesize
1.3MB

Download
memory/4140-1-0x0000000000A90000-0x0000000000BE0000-memory.dmp

Filesize
1.3MB

Download
memory/4140-3-0x0000000000A90000-0x0000000000BE0000-memory.dmp

Filesize
1.3MB

Download
memory/4140-4-0x0000000000A90000-0x0000000000BE0000-memory.dmp

Filesize
1.3MB

Download