bed044793e1be2385f783ecf7db9b507fae633dc2e09b3f37fbb1294529b9326

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-02-2024 11:45

Target

a3b36f1d83b817beec3286825687e45c.exe
Size

9KB
MD5

a3b36f1d83b817beec3286825687e45c
SHA1

eef05938d2eea101f43ff6124de2f5df4ccdac85
SHA256

bed044793e1be2385f783ecf7db9b507fae633dc2e09b3f37fbb1294529b9326
SHA512

6cffc7a44896e6252bb4c6ac37afd958dd6d8496a6cf1e08a16724097fb8d86cc2c25b817e34275f6db8d92175a611a9f640709e0fdef75a37c1305985c25747
SSDEEP

192:NONBksuHEXVwV+CeMZZ3v93VnjdwCzY3y3DTTk:NIVwYCeMpFnhwCEC3XT

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2188	a3b36f1d83b817beec3286825687e45c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2460	2188	a3b36f1d83b817beec3286825687e45c.exe	28
PID 2188 wrote to memory of 2460	2188	a3b36f1d83b817beec3286825687e45c.exe	28
PID 2188 wrote to memory of 2460	2188	a3b36f1d83b817beec3286825687e45c.exe	28

C:\Users\Admin\AppData\Local\Temp\a3b36f1d83b817beec3286825687e45c.exe
"C:\Users\Admin\AppData\Local\Temp\a3b36f1d83b817beec3286825687e45c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2188 -s 900
  2⤵
  PID:2460

memory/2188-0-0x0000000000C20000-0x0000000000C28000-memory.dmp

Filesize
32KB

Download
memory/2188-1-0x000007FEF54B0000-0x000007FEF5E9C000-memory.dmp

Filesize
9.9MB

Download
memory/2188-2-0x000000001A7F0000-0x000000001A870000-memory.dmp

Filesize
512KB

Download
memory/2188-3-0x000007FEF54B0000-0x000007FEF5E9C000-memory.dmp

Filesize
9.9MB

Download
memory/2188-4-0x000000001A7F0000-0x000000001A870000-memory.dmp

Filesize
512KB

Download