e2c79746f1bc5e5ef95a0e8fc6c9bafa73b2457f03b14fe2241d3e0d38caf9be

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01/02/2024, 04:34

Target

85f13b54788a4d4805e29fd84830f6bd.exe
Size

9KB
MD5

85f13b54788a4d4805e29fd84830f6bd
SHA1

67e0582430f52d8e1649fc2b3c0822ebc70cafb2
SHA256

e2c79746f1bc5e5ef95a0e8fc6c9bafa73b2457f03b14fe2241d3e0d38caf9be
SHA512

d563f04d70076b0e8fed65e4706c209d6ff48a7be4afb41f5e5431da61acf3af2b63414f6d656f4c18289eb53d649956dd74b8f104cd068ef9f638e0f9c1a90f
SSDEEP

192:SRBksunPY82gQv5F4LtoeMZZ3Z93VnjdwCzH3DILXB992l:SD82l4LtoeM7FnhwCLTCXB992

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3028	85f13b54788a4d4805e29fd84830f6bd.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 2628	3028	85f13b54788a4d4805e29fd84830f6bd.exe	28
PID 3028 wrote to memory of 2628	3028	85f13b54788a4d4805e29fd84830f6bd.exe	28
PID 3028 wrote to memory of 2628	3028	85f13b54788a4d4805e29fd84830f6bd.exe	28

C:\Users\Admin\AppData\Local\Temp\85f13b54788a4d4805e29fd84830f6bd.exe
"C:\Users\Admin\AppData\Local\Temp\85f13b54788a4d4805e29fd84830f6bd.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3028 -s 896
  2⤵
  PID:2628

memory/3028-0-0x0000000000970000-0x0000000000978000-memory.dmp

Filesize
32KB

Download
memory/3028-1-0x000007FEF5B90000-0x000007FEF657C000-memory.dmp

Filesize
9.9MB

Download
memory/3028-2-0x000000001B350000-0x000000001B3D0000-memory.dmp

Filesize
512KB

Download
memory/3028-3-0x000007FEF5B90000-0x000007FEF657C000-memory.dmp

Filesize
9.9MB

Download
memory/3028-4-0x000000001B350000-0x000000001B3D0000-memory.dmp

Filesize
512KB

Download