b05844931092d40147c8ad5d2245b7605fc90d2eda1aa2ccf57072f566387399

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-03-2024 14:50

Target

bb88de37ade2769b85cd50f7b6093abd.exe
Size

42KB
MD5

bb88de37ade2769b85cd50f7b6093abd
SHA1

624bc0d9ff5ff4e04fe4af50293b45fde7f7753c
SHA256

b05844931092d40147c8ad5d2245b7605fc90d2eda1aa2ccf57072f566387399
SHA512

29ff2fb51bf26af54b488678dddfbe30f41c7ac030910a33b1e051bac57d4c87b61e28dffb3e5fddc4ce060b936d19b797d40d70a38b14cc8968a421ee4fa126
SSDEEP

768:qH283FmzKyraWUfSMhRIMY7H4GUMPjKnMfIhDH11S5e03cSgTkLgvxNtM9QHJ:czkKyr0fSMhRIMY7HvUMPEMfIJ3Mn4x9

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3012	2180	WerFault.exe	27

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2180	bb88de37ade2769b85cd50f7b6093abd.exe
2180	bb88de37ade2769b85cd50f7b6093abd.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2180	bb88de37ade2769b85cd50f7b6093abd.exe
Token: SeLoadDriverPrivilege	2180	bb88de37ade2769b85cd50f7b6093abd.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 3012	2180	bb88de37ade2769b85cd50f7b6093abd.exe	28
PID 2180 wrote to memory of 3012	2180	bb88de37ade2769b85cd50f7b6093abd.exe	28
PID 2180 wrote to memory of 3012	2180	bb88de37ade2769b85cd50f7b6093abd.exe	28
PID 2180 wrote to memory of 3012	2180	bb88de37ade2769b85cd50f7b6093abd.exe	28

C:\Users\Admin\AppData\Local\Temp\bb88de37ade2769b85cd50f7b6093abd.exe
"C:\Users\Admin\AppData\Local\Temp\bb88de37ade2769b85cd50f7b6093abd.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 168
  2⤵
  - Program crash
  PID:3012