4c36d139fa9df02b0ca10337dcdc5f0c781aeb299b98126fc63db2e667bff057

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-02-2024 01:55

Target

202401310009.exe
Size

156KB
MD5

0073882408ccaeaa4c77889b22c5546c
SHA1

97f7176f986536ba6b16a2e59e699884a446d27a
SHA256

17e2ea8ea355babc49d0b0f4a16aaffa3e7e3e97171668205247e16d8e5eb5b8
SHA512

752ea528b877d92dc88c165e80f4f7add2864f2bdf6f5e96bbcf04a9adf13ca092cf93271cd25083cb033d26b884a3f1fd5e030c7f56b22277cfbae85173f2d9
SSDEEP

3072:6dSf2JsfZu1RYPaqKy+P5KV8e2iVvA9HT+Xrlmh:JhDhD+PYye2iiHKrlm

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1168	2220	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2220	202401310009.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 1168	2220	202401310009.exe	28
PID 2220 wrote to memory of 1168	2220	202401310009.exe	28
PID 2220 wrote to memory of 1168	2220	202401310009.exe	28
PID 2220 wrote to memory of 1168	2220	202401310009.exe	28

C:\Users\Admin\AppData\Local\Temp\202401310009.exe
"C:\Users\Admin\AppData\Local\Temp\202401310009.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 1080
  2⤵
  - Program crash
  PID:1168

memory/2220-0-0x0000000000040000-0x000000000006E000-memory.dmp

Filesize
184KB

Download
memory/2220-1-0x0000000074C70000-0x000000007535E000-memory.dmp

Filesize
6.9MB

Download
memory/2220-2-0x00000000046F0000-0x0000000004730000-memory.dmp

Filesize
256KB

Download
memory/2220-3-0x0000000074C70000-0x000000007535E000-memory.dmp

Filesize
6.9MB

Download
memory/2220-4-0x00000000046F0000-0x0000000004730000-memory.dmp

Filesize
256KB

Download