5f7439875ae377fedd4035841d6d5a778d59771af9dfbdfb7705ab4b558186b8

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 03:45

Target

ad9a5e384ecafaecc113faaffb413262.exe
Size

9KB
MD5

ad9a5e384ecafaecc113faaffb413262
SHA1

eff7d6d0a42f9bfc3d4fded3b5238b8f061f8833
SHA256

5f7439875ae377fedd4035841d6d5a778d59771af9dfbdfb7705ab4b558186b8
SHA512

c733d1014df6a4d0a1d673c2c6764f1196125e5fda813adc4f2265be2ec7c61a4f0f19c489801d2711b4331d543ddb604dea4e41dad7582df7059256b1e19d54
SSDEEP

192:SBksu3PY82gQv5F4ftGeMZZ3T93VnjdwCz23tqQC+4B:e82l4ftGeM1FnhwCyvC+4

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2868	ad9a5e384ecafaecc113faaffb413262.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2652	2868	ad9a5e384ecafaecc113faaffb413262.exe	28
PID 2868 wrote to memory of 2652	2868	ad9a5e384ecafaecc113faaffb413262.exe	28
PID 2868 wrote to memory of 2652	2868	ad9a5e384ecafaecc113faaffb413262.exe	28

C:\Users\Admin\AppData\Local\Temp\ad9a5e384ecafaecc113faaffb413262.exe
"C:\Users\Admin\AppData\Local\Temp\ad9a5e384ecafaecc113faaffb413262.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2868 -s 892
  2⤵
  PID:2652

memory/2868-0-0x00000000000C0000-0x00000000000C8000-memory.dmp

Filesize
32KB

Download
memory/2868-1-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

Filesize
9.9MB

Download
memory/2868-2-0x0000000001FA0000-0x0000000002020000-memory.dmp

Filesize
512KB

Download
memory/2868-3-0x000007FEF57C0000-0x000007FEF61AC000-memory.dmp

Filesize
9.9MB

Download
memory/2868-4-0x0000000001FA0000-0x0000000002020000-memory.dmp

Filesize
512KB

Download