a017c034a15c17d965122b4c87885ea1e9ba673f05debdefab27ce2f7e825294

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 20:30

Target

acc821f9dbb819bfcfac7b64a06f17ed.exe
Size

9KB
MD5

acc821f9dbb819bfcfac7b64a06f17ed
SHA1

21257a338829608d54462a33822112948bc6bb1d
SHA256

a017c034a15c17d965122b4c87885ea1e9ba673f05debdefab27ce2f7e825294
SHA512

4cf34cf86d93e0eb00d9aee08dd51a982ef23f9a22fb1eee04d0f6e495fc8c24fd71bf3b832e304c2ca2f013a060d4447d31424ff7760a9c1e8c2a422a9d0e92
SSDEEP

192:nBksuDzHNQ5+eMZZ3C93Vnjdwqzfu3xSL0Q:oHu+eM2FnhwqzuQL0

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2844	acc821f9dbb819bfcfac7b64a06f17ed.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2628	2844	acc821f9dbb819bfcfac7b64a06f17ed.exe	28
PID 2844 wrote to memory of 2628	2844	acc821f9dbb819bfcfac7b64a06f17ed.exe	28
PID 2844 wrote to memory of 2628	2844	acc821f9dbb819bfcfac7b64a06f17ed.exe	28

C:\Users\Admin\AppData\Local\Temp\acc821f9dbb819bfcfac7b64a06f17ed.exe
"C:\Users\Admin\AppData\Local\Temp\acc821f9dbb819bfcfac7b64a06f17ed.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2844 -s 904
  2⤵
  PID:2628

memory/2844-0-0x0000000000F10000-0x0000000000F18000-memory.dmp

Filesize
32KB

Download
memory/2844-1-0x000007FEF5CE0000-0x000007FEF66CC000-memory.dmp

Filesize
9.9MB

Download
memory/2844-2-0x0000000000480000-0x0000000000500000-memory.dmp

Filesize
512KB

Download
memory/2844-3-0x000007FEF5CE0000-0x000007FEF66CC000-memory.dmp

Filesize
9.9MB

Download
memory/2844-4-0x0000000000480000-0x0000000000500000-memory.dmp

Filesize
512KB

Download