aae30c2042a799b0495a301e127c47c8e27742bb84cf6e3851bf2beffd0824cf

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-01-2024 13:58

Target

квитанция об оплате.exe
Size

919KB
MD5

c7e19a4d7ea34083227355a0032fd9f7
SHA1

e6d96446706d9f2d735ac2115436c5c26b09efc6
SHA256

aae30c2042a799b0495a301e127c47c8e27742bb84cf6e3851bf2beffd0824cf
SHA512

391a18a84980810ddcdd14eab50bdebc8eb5cb0a3201b1d6e00a51295f49b155c1031dd3688027b88a712f07eb22daeeb1e9ac81e6c15f0edd9f277cd0ba321c
SSDEEP

12288:1ebObjiVwtR5bWPQ8rzNkINDHflCDrPBZZNp9v9bI7TKskxJkN8h9Sio8k85U:QmjioRGbrxLtfWPB7NDv9b/bPh9x1kr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2208	1488	WerFault.exe	16

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1488	квитанция об оплате.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1488	квитанция об оплате.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 2208	1488	квитанция об оплате.exe	28
PID 1488 wrote to memory of 2208	1488	квитанция об оплате.exe	28
PID 1488 wrote to memory of 2208	1488	квитанция об оплате.exe	28
PID 1488 wrote to memory of 2208	1488	квитанция об оплате.exe	28

C:\Users\Admin\AppData\Local\Temp\квитанция об оплате.exe
"C:\Users\Admin\AppData\Local\Temp\квитанция об оплате.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 688
  2⤵
  - Program crash
  PID:2208

memory/1488-0-0x00000000013E0000-0x00000000014CC000-memory.dmp

Filesize
944KB

Download
memory/1488-1-0x00000000749D0000-0x00000000750BE000-memory.dmp

Filesize
6.9MB

Download
memory/1488-2-0x0000000000990000-0x00000000009D0000-memory.dmp

Filesize
256KB

Download
memory/1488-3-0x0000000000580000-0x0000000000592000-memory.dmp

Filesize
72KB

Download
memory/1488-4-0x00000000005A0000-0x00000000005AE000-memory.dmp

Filesize
56KB

Download
memory/1488-5-0x00000000052F0000-0x000000000536A000-memory.dmp

Filesize
488KB

Download
memory/1488-6-0x00000000749D0000-0x00000000750BE000-memory.dmp

Filesize
6.9MB

Download
memory/1488-7-0x0000000000990000-0x00000000009D0000-memory.dmp

Filesize
256KB

Download