f231366ef937cff1f9e01672b81a12ff1bf3f3eb80750353f88b034f4c5c70da

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 23:58

Target

bf4c8e917eb7807c2b71557badcec34b.exe
Size

9KB
MD5

bf4c8e917eb7807c2b71557badcec34b
SHA1

e68a16e375dc1afefd2e804e95387340d7e88a59
SHA256

f231366ef937cff1f9e01672b81a12ff1bf3f3eb80750353f88b034f4c5c70da
SHA512

5426163895f3bd379880601f21db39cd630c867be05f077ee644283f09a2cdfb7d1fc10a65f81fe7f778b9cc9f84d56422a1a47ab14ab94f9ce9a08d2c13ae4e
SSDEEP

192:VBksub9MuIcZeMZZ3B93VnjdwqzHh3vpnt:CltZeMjFnhwqrhBn

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2628	bf4c8e917eb7807c2b71557badcec34b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2628 wrote to memory of 2524	2628	bf4c8e917eb7807c2b71557badcec34b.exe	29
PID 2628 wrote to memory of 2524	2628	bf4c8e917eb7807c2b71557badcec34b.exe	29
PID 2628 wrote to memory of 2524	2628	bf4c8e917eb7807c2b71557badcec34b.exe	29

C:\Users\Admin\AppData\Local\Temp\bf4c8e917eb7807c2b71557badcec34b.exe
"C:\Users\Admin\AppData\Local\Temp\bf4c8e917eb7807c2b71557badcec34b.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2628
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2628 -s 900
  2⤵
  PID:2524

memory/2628-0-0x0000000000980000-0x0000000000988000-memory.dmp

Filesize
32KB

Download
memory/2628-1-0x000007FEF6030000-0x000007FEF6A1C000-memory.dmp

Filesize
9.9MB

Download
memory/2628-2-0x0000000001FB0000-0x0000000002030000-memory.dmp

Filesize
512KB

Download
memory/2628-3-0x000007FEF6030000-0x000007FEF6A1C000-memory.dmp

Filesize
9.9MB

Download
memory/2628-4-0x0000000001FB0000-0x0000000002030000-memory.dmp

Filesize
512KB

Download