c7086a2fab3302e8efcfb84db3d28ca1fa00b55bf6f65c089d95c51e6b2c341d

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-02-2024 14:11

Target

a20c07ddc3ecc4c1b0119452482c2665.exe
Size

9KB
MD5

a20c07ddc3ecc4c1b0119452482c2665
SHA1

562ea113b01a65f6efdb0cb7cb25fb4bcab04294
SHA256

c7086a2fab3302e8efcfb84db3d28ca1fa00b55bf6f65c089d95c51e6b2c341d
SHA512

c8c0ff6cb29347e598a8de13febb6f1ae39dd36dd0537254ab84563f7276de26c010f60a3f2007204a2cc3febaf42bd62507de83fc6cf6cf6cb3f4f12c034bd1
SSDEEP

192:NBksuXzHNQjNeMZZ3793Vnjdwqzt3YODuw5Sr:GHENeMlFnhwqRoODf5

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2292	a20c07ddc3ecc4c1b0119452482c2665.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2632	2292	a20c07ddc3ecc4c1b0119452482c2665.exe	28
PID 2292 wrote to memory of 2632	2292	a20c07ddc3ecc4c1b0119452482c2665.exe	28
PID 2292 wrote to memory of 2632	2292	a20c07ddc3ecc4c1b0119452482c2665.exe	28

C:\Users\Admin\AppData\Local\Temp\a20c07ddc3ecc4c1b0119452482c2665.exe
"C:\Users\Admin\AppData\Local\Temp\a20c07ddc3ecc4c1b0119452482c2665.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2292 -s 900
  2⤵
  PID:2632

memory/2292-0-0x0000000000EA0000-0x0000000000EA8000-memory.dmp

Filesize
32KB

Download
memory/2292-1-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download
memory/2292-2-0x00000000006A0000-0x0000000000720000-memory.dmp

Filesize
512KB

Download
memory/2292-3-0x000007FEF5F80000-0x000007FEF696C000-memory.dmp

Filesize
9.9MB

Download
memory/2292-4-0x00000000006A0000-0x0000000000720000-memory.dmp

Filesize
512KB

Download