402c6476a34c6adab7006df170beac3307d7615ddd88532eefeca62d8fcfe69c

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 08:30

Target

8bdf2f453c39ceab33c93eadfe99214e.exe
Size

9KB
MD5

8bdf2f453c39ceab33c93eadfe99214e
SHA1

467d93ed3ecd96c848767bf31026db5f16d50f6f
SHA256

402c6476a34c6adab7006df170beac3307d7615ddd88532eefeca62d8fcfe69c
SHA512

4f319441e5d2e5ed6d8a4b1d7216e924a5727865f1a55c9626e55578e064baccfadae1132a0ff94043a957c71a9108b2b63d72baeb2da8ec7994d099a5505c90
SSDEEP

192:QBksuDDUSOV2oNSeMZZ3r93VnjdwCzJ3pGEswOZ:7uSeMFFnhwCl0wO

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2180	8bdf2f453c39ceab33c93eadfe99214e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 2692	2180	8bdf2f453c39ceab33c93eadfe99214e.exe	28
PID 2180 wrote to memory of 2692	2180	8bdf2f453c39ceab33c93eadfe99214e.exe	28
PID 2180 wrote to memory of 2692	2180	8bdf2f453c39ceab33c93eadfe99214e.exe	28

C:\Users\Admin\AppData\Local\Temp\8bdf2f453c39ceab33c93eadfe99214e.exe
"C:\Users\Admin\AppData\Local\Temp\8bdf2f453c39ceab33c93eadfe99214e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2180 -s 892
  2⤵
  PID:2692

memory/2180-0-0x0000000000D00000-0x0000000000D08000-memory.dmp

Filesize
32KB

Download
memory/2180-1-0x000007FEF5A90000-0x000007FEF647C000-memory.dmp

Filesize
9.9MB

Download
memory/2180-2-0x000000001B530000-0x000000001B5B0000-memory.dmp

Filesize
512KB

Download
memory/2180-3-0x000007FEF5A90000-0x000007FEF647C000-memory.dmp

Filesize
9.9MB

Download
memory/2180-4-0x000000001B530000-0x000000001B5B0000-memory.dmp

Filesize
512KB

Download