e575269e120674aae3ac1bd6b5bb68626d01f71163837cbe8e79dee883e3f97c

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-02-2024 09:54

Target

8eda007bfa0306efb2e89fa462c2dff2.exe
Size

9KB
MD5

8eda007bfa0306efb2e89fa462c2dff2
SHA1

996e69d3c45ddc0903180f7025ccd694094c4c09
SHA256

e575269e120674aae3ac1bd6b5bb68626d01f71163837cbe8e79dee883e3f97c
SHA512

45981ef1fe596d23b7c7bb3972ece72ce91e2a8925f64da3555078bfccb7305e4fe69c795abc2ccf11342aaeb2d26394fcf269b0a9f310c58f64e703533f8ad9
SSDEEP

192:kBksuXrN3y+BheMZZ3g93VnjdwCzH3t9/KKyHQ:LZfheM0FnhwCzrAH

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2236	8eda007bfa0306efb2e89fa462c2dff2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2008	2236	8eda007bfa0306efb2e89fa462c2dff2.exe	28
PID 2236 wrote to memory of 2008	2236	8eda007bfa0306efb2e89fa462c2dff2.exe	28
PID 2236 wrote to memory of 2008	2236	8eda007bfa0306efb2e89fa462c2dff2.exe	28

C:\Users\Admin\AppData\Local\Temp\8eda007bfa0306efb2e89fa462c2dff2.exe
"C:\Users\Admin\AppData\Local\Temp\8eda007bfa0306efb2e89fa462c2dff2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2236 -s 904
  2⤵
  PID:2008

memory/2236-0-0x0000000000F00000-0x0000000000F08000-memory.dmp

Filesize
32KB

Download
memory/2236-1-0x000007FEF5C70000-0x000007FEF665C000-memory.dmp

Filesize
9.9MB

Download
memory/2236-2-0x000000001B480000-0x000000001B500000-memory.dmp

Filesize
512KB

Download
memory/2236-3-0x000007FEF5C70000-0x000007FEF665C000-memory.dmp

Filesize
9.9MB

Download
memory/2236-4-0x000000001B480000-0x000000001B500000-memory.dmp

Filesize
512KB

Download