d5fd678a2ab4c77415f98b1ee33630dd3077cfd73f6943787aee2a1e5a438774

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 13:12

Target

bb599f5c8e48ba7ddafc03e47eaa8c20.exe
Size

9KB
MD5

bb599f5c8e48ba7ddafc03e47eaa8c20
SHA1

771b571e4be6be30a9647cceb32a02a0a4fd61d9
SHA256

d5fd678a2ab4c77415f98b1ee33630dd3077cfd73f6943787aee2a1e5a438774
SHA512

1ab1000d3edcbfcce6b57a6733f13182ab7c39927db9b97d6232c442da2b78589cd59aa8a6c14c13614d435075d90506edd10e8a494b9398570ef2d31a5ebea3
SSDEEP

192:1BksuXrN3y+TNeMZZ3g93VnjdwCzF3ShpK0:yZBNeMcFnhwCxihpK

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2292	bb599f5c8e48ba7ddafc03e47eaa8c20.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 2676	2292	bb599f5c8e48ba7ddafc03e47eaa8c20.exe	28
PID 2292 wrote to memory of 2676	2292	bb599f5c8e48ba7ddafc03e47eaa8c20.exe	28
PID 2292 wrote to memory of 2676	2292	bb599f5c8e48ba7ddafc03e47eaa8c20.exe	28

C:\Users\Admin\AppData\Local\Temp\bb599f5c8e48ba7ddafc03e47eaa8c20.exe
"C:\Users\Admin\AppData\Local\Temp\bb599f5c8e48ba7ddafc03e47eaa8c20.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2292 -s 896
  2⤵
  PID:2676

memory/2292-0-0x0000000000F00000-0x0000000000F08000-memory.dmp

Filesize
32KB

Download
memory/2292-1-0x000007FEF58E0000-0x000007FEF62CC000-memory.dmp

Filesize
9.9MB

Download
memory/2292-2-0x0000000000530000-0x00000000005B0000-memory.dmp

Filesize
512KB

Download
memory/2292-3-0x000007FEF58E0000-0x000007FEF62CC000-memory.dmp

Filesize
9.9MB

Download
memory/2292-4-0x0000000000530000-0x00000000005B0000-memory.dmp

Filesize
512KB

Download