3556f33f094f4645cc9196b4d88026d39c00c61027c85b45faecd8de69fec1d7

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-02-2024 06:17

Target

98b098261544e379f08ec21c3cbc1975.exe
Size

9KB
MD5

98b098261544e379f08ec21c3cbc1975
SHA1

fb3bf8d57d6e0fd4bc3b76d6ea89a49a650b4e93
SHA256

3556f33f094f4645cc9196b4d88026d39c00c61027c85b45faecd8de69fec1d7
SHA512

74982b7716dbe4b10b5f4241aa28e6ab829d4f22c58c48ab47ce827be627fbfb78ab5d0968f02eddf8b2735fd45774d6833ce70d72b9b2bd6a70324a39902cc6
SSDEEP

192:6BksuHEXVwVcneMZZ3sf93VnjdwCzZ3wvWgO:iVwCneMEFnhwCVgv9

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2212	98b098261544e379f08ec21c3cbc1975.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2812	2212	98b098261544e379f08ec21c3cbc1975.exe	28
PID 2212 wrote to memory of 2812	2212	98b098261544e379f08ec21c3cbc1975.exe	28
PID 2212 wrote to memory of 2812	2212	98b098261544e379f08ec21c3cbc1975.exe	28

C:\Users\Admin\AppData\Local\Temp\98b098261544e379f08ec21c3cbc1975.exe
"C:\Users\Admin\AppData\Local\Temp\98b098261544e379f08ec21c3cbc1975.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2212 -s 896
  2⤵
  PID:2812

memory/2212-0-0x0000000000220000-0x0000000000228000-memory.dmp

Filesize
32KB

Download
memory/2212-1-0x000007FEF5C50000-0x000007FEF663C000-memory.dmp

Filesize
9.9MB

Download
memory/2212-2-0x0000000000430000-0x00000000004B0000-memory.dmp

Filesize
512KB

Download
memory/2212-3-0x000007FEF5C50000-0x000007FEF663C000-memory.dmp

Filesize
9.9MB

Download
memory/2212-4-0x0000000000430000-0x00000000004B0000-memory.dmp

Filesize
512KB

Download