55d850cefccfa5340b1835c6a3f9ffb48d35c2210be93e3d6d8806feb69a155f

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/02/2024, 00:57

Target

HaX.exe
Size

4.0MB
MD5

9e8723e4e16c1a654758bb2669f3f99b
SHA1

c56ea25690a9b810e037df0a680f5c2c32d8adc5
SHA256

55d850cefccfa5340b1835c6a3f9ffb48d35c2210be93e3d6d8806feb69a155f
SHA512

76a7bc0ea314fcf653887605972e4f1ba695938410e6efe65ed9f2798b2b448b321a74624ee8ffc01f89494023728649b744d37f07b574e0b6d5db70013e906b
SSDEEP

24576:WVjvlHeY1i15gBUL+JT6p++eciXwvc4lasVAk8oGa1WtDH5Gj1Oes0bWgCjFv6e:UjNHeY1iDHehMa3mYJu

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2216	taskmgr.exe

Suspicious use of FindShellTrayWindow 35 IoCs

Suspicious use of SendNotifyMessage 34 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2816	2896	HaX.exe	28
PID 2896 wrote to memory of 2816	2896	HaX.exe	28
PID 2896 wrote to memory of 2816	2896	HaX.exe	28

C:\Users\Admin\AppData\Local\Temp\HaX.exe
"C:\Users\Admin\AppData\Local\Temp\HaX.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2896 -s 540
  2⤵
  PID:2816

memory/2216-4-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2216-5-0x0000000140000000-0x00000001405E8000-memory.dmp

Filesize
5.9MB

Download
memory/2896-0-0x0000000000890000-0x0000000000C94000-memory.dmp

Filesize
4.0MB

Download
memory/2896-1-0x000007FEF5660000-0x000007FEF604C000-memory.dmp

Filesize
9.9MB

Download
memory/2896-2-0x000007FEF5660000-0x000007FEF604C000-memory.dmp

Filesize
9.9MB

Download
memory/2896-3-0x000007FEF5660000-0x000007FEF604C000-memory.dmp

Filesize
9.9MB

Download