6bbf8132c84e246a58c6af3d10de8c0b82c2b3d4df2391243f347b55d5a8f9ea

Analysis

max time kernel
122s
max time network
138s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-03-2024 14:22

Target

bed3e52e798f1d07073b5135617c8b37.exe
Size

9KB
MD5

bed3e52e798f1d07073b5135617c8b37
SHA1

29c26ed4cce4d6d27b61e4f310a737ece8696cb7
SHA256

6bbf8132c84e246a58c6af3d10de8c0b82c2b3d4df2391243f347b55d5a8f9ea
SHA512

a2121c85dd6304743b4e5eab542bc92a69c25c430e14a865271c532879b46fc2d1f8d2d6c943d7db81971e5aba97a6c8b499ab44c03470406177658ff98fa005
SSDEEP

192:BBksuXm6N7oy1laeMZZ3093Vnjdwqzy31sedWdH:J4xnaeMwFnhwqWCe0d

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2892	bed3e52e798f1d07073b5135617c8b37.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 2352	2892	bed3e52e798f1d07073b5135617c8b37.exe	29
PID 2892 wrote to memory of 2352	2892	bed3e52e798f1d07073b5135617c8b37.exe	29
PID 2892 wrote to memory of 2352	2892	bed3e52e798f1d07073b5135617c8b37.exe	29

C:\Users\Admin\AppData\Local\Temp\bed3e52e798f1d07073b5135617c8b37.exe
"C:\Users\Admin\AppData\Local\Temp\bed3e52e798f1d07073b5135617c8b37.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2892 -s 912
  2⤵
  PID:2352

memory/2892-0-0x0000000000860000-0x0000000000868000-memory.dmp

Filesize
32KB

Download
memory/2892-1-0x000007FEF6030000-0x000007FEF6A1C000-memory.dmp

Filesize
9.9MB

Download
memory/2892-2-0x000000001B0E0000-0x000000001B160000-memory.dmp

Filesize
512KB

Download
memory/2892-3-0x000007FEF6030000-0x000007FEF6A1C000-memory.dmp

Filesize
9.9MB

Download
memory/2892-4-0x000000001B0E0000-0x000000001B160000-memory.dmp

Filesize
512KB

Download