3607dd6c8fb151afa9664b27b8adf35bb601be0e4a64617370a5ba06e10bf097

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/02/2024, 04:08

Target

ada6b1cb6a8a1b757e199b058f4dff84.exe
Size

9KB
MD5

ada6b1cb6a8a1b757e199b058f4dff84
SHA1

e173fb2ba33a2044595b565b4e6002eb8a7b36db
SHA256

3607dd6c8fb151afa9664b27b8adf35bb601be0e4a64617370a5ba06e10bf097
SHA512

69e1c5471a52de2a5b352ac3440e108256b4634243f9f3a32e7a6a230931c899a496bce6a7b5d723ba29943bb899da07b1094e311fadc155c6d5c254aee06d7f
SSDEEP

192:DBksuvPY82gQv5F48BtYeMZZ3N93VnjdwCzn3t4a0Ce:F82l4GtYeMvFnhwCr947C

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2724	ada6b1cb6a8a1b757e199b058f4dff84.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2724 wrote to memory of 2540	2724	ada6b1cb6a8a1b757e199b058f4dff84.exe	30
PID 2724 wrote to memory of 2540	2724	ada6b1cb6a8a1b757e199b058f4dff84.exe	30
PID 2724 wrote to memory of 2540	2724	ada6b1cb6a8a1b757e199b058f4dff84.exe	30

C:\Users\Admin\AppData\Local\Temp\ada6b1cb6a8a1b757e199b058f4dff84.exe
"C:\Users\Admin\AppData\Local\Temp\ada6b1cb6a8a1b757e199b058f4dff84.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2724
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2724 -s 896
  2⤵
  PID:2540

memory/2724-0-0x0000000000390000-0x0000000000398000-memory.dmp

Filesize
32KB

Download
memory/2724-1-0x000007FEF5C40000-0x000007FEF662C000-memory.dmp

Filesize
9.9MB

Download
memory/2724-2-0x000000001AF60000-0x000000001AFE0000-memory.dmp

Filesize
512KB

Download
memory/2724-3-0x000007FEF5C40000-0x000007FEF662C000-memory.dmp

Filesize
9.9MB

Download
memory/2724-4-0x000000001AF60000-0x000000001AFE0000-memory.dmp

Filesize
512KB

Download