24b487a2636a7785861aef9b55d342aa03f3c96347b9de2e2cc83e82ca0bf3b9

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06-03-2024 11:55

Target

b756dd7ba1dea9d098ecffed80c82bf4.exe
Size

9KB
MD5

b756dd7ba1dea9d098ecffed80c82bf4
SHA1

e9e69e42801df212b0845dcd785975a2fc4a359b
SHA256

24b487a2636a7785861aef9b55d342aa03f3c96347b9de2e2cc83e82ca0bf3b9
SHA512

38bd649645fcce123293ad3e5722da72dcd12b0de13b20d57d662c7f3b00d091f66b0a8eacdb7630c87ef694ea4934613c3f291c0b54240c782f4363b166368c
SSDEEP

192:/BksuHEXVwVBMeMZZ3h93VnjdwCz13nVFMK:FVw7MeMDFnhwCBXVFM

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2332	b756dd7ba1dea9d098ecffed80c82bf4.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2332 wrote to memory of 2560	2332	b756dd7ba1dea9d098ecffed80c82bf4.exe	28
PID 2332 wrote to memory of 2560	2332	b756dd7ba1dea9d098ecffed80c82bf4.exe	28
PID 2332 wrote to memory of 2560	2332	b756dd7ba1dea9d098ecffed80c82bf4.exe	28

C:\Users\Admin\AppData\Local\Temp\b756dd7ba1dea9d098ecffed80c82bf4.exe
"C:\Users\Admin\AppData\Local\Temp\b756dd7ba1dea9d098ecffed80c82bf4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2332
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2332 -s 900
  2⤵
  PID:2560

memory/2332-0-0x0000000000210000-0x0000000000218000-memory.dmp

Filesize
32KB

Download
memory/2332-1-0x000007FEF5090000-0x000007FEF5A7C000-memory.dmp

Filesize
9.9MB

Download
memory/2332-2-0x00000000021A0000-0x0000000002220000-memory.dmp

Filesize
512KB

Download
memory/2332-3-0x000007FEF5090000-0x000007FEF5A7C000-memory.dmp

Filesize
9.9MB

Download
memory/2332-4-0x00000000021A0000-0x0000000002220000-memory.dmp

Filesize
512KB

Download