f429653cddaaad2b3ae7331be521a094c1acd18b5f67357a7ce93c18b3480bae

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-03-2024 07:58

Target

be143610492f30354cd2f2e134448706.exe
Size

9KB
MD5

be143610492f30354cd2f2e134448706
SHA1

af4345c73cc091c920dd6965d2917803228042a7
SHA256

f429653cddaaad2b3ae7331be521a094c1acd18b5f67357a7ce93c18b3480bae
SHA512

9c7c0e49f6f0c5151f6176fede6a4eb9ec8724d11601bf0ec51b0943f1254865bd7ee592c925af75ebf17a6153487f9b1676cce283e6629771ab5d15664882db
SSDEEP

192:6BksuXEXVwVfieMZZ3D93VnjdwCz23WOIoh:yVwhieMFFnhwCCGjo

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2324	be143610492f30354cd2f2e134448706.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2524	2324	be143610492f30354cd2f2e134448706.exe	28
PID 2324 wrote to memory of 2524	2324	be143610492f30354cd2f2e134448706.exe	28
PID 2324 wrote to memory of 2524	2324	be143610492f30354cd2f2e134448706.exe	28

C:\Users\Admin\AppData\Local\Temp\be143610492f30354cd2f2e134448706.exe
"C:\Users\Admin\AppData\Local\Temp\be143610492f30354cd2f2e134448706.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2324
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2324 -s 896
  2⤵
  PID:2524

memory/2324-0-0x0000000000100000-0x0000000000108000-memory.dmp

Filesize
32KB

Download
memory/2324-1-0x000007FEF5490000-0x000007FEF5E7C000-memory.dmp

Filesize
9.9MB

Download
memory/2324-2-0x000000001A620000-0x000000001A6A0000-memory.dmp

Filesize
512KB

Download
memory/2324-3-0x000007FEF5490000-0x000007FEF5E7C000-memory.dmp

Filesize
9.9MB

Download
memory/2324-4-0x000000001A620000-0x000000001A6A0000-memory.dmp

Filesize
512KB

Download