3657399e863dce379e4038d813d9234d6844fe2671538980eca8e55dbd8c2b2d

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 04:22

Target

bfd54f7580601a600961a0175a8748e8.exe
Size

9KB
MD5

bfd54f7580601a600961a0175a8748e8
SHA1

6c1e7d33cd0c95f786264942f9b2ab101ba47fa3
SHA256

3657399e863dce379e4038d813d9234d6844fe2671538980eca8e55dbd8c2b2d
SHA512

dfb8eb1188198bc3e599db0f4af84ced44116e4ea1a57e89d7c039401246477ba31f962d1cac83be335346457c0d166935996e154a5d1f37dc953f1ad210e456
SSDEEP

192:FBksuHDUSOV2oJyeMZZ3f93VnjdwCzT3YGaHzEE:oCyeMJFnhwC3IGaHI

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2056	bfd54f7580601a600961a0175a8748e8.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2700	2056	bfd54f7580601a600961a0175a8748e8.exe	28
PID 2056 wrote to memory of 2700	2056	bfd54f7580601a600961a0175a8748e8.exe	28
PID 2056 wrote to memory of 2700	2056	bfd54f7580601a600961a0175a8748e8.exe	28

C:\Users\Admin\AppData\Local\Temp\bfd54f7580601a600961a0175a8748e8.exe
"C:\Users\Admin\AppData\Local\Temp\bfd54f7580601a600961a0175a8748e8.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2056 -s 888
  2⤵
  PID:2700

memory/2056-0-0x0000000000DC0000-0x0000000000DC8000-memory.dmp

Filesize
32KB

Download
memory/2056-1-0x000007FEF56F0000-0x000007FEF60DC000-memory.dmp

Filesize
9.9MB

Download
memory/2056-2-0x000000001A800000-0x000000001A880000-memory.dmp

Filesize
512KB

Download
memory/2056-3-0x000007FEF56F0000-0x000007FEF60DC000-memory.dmp

Filesize
9.9MB

Download
memory/2056-4-0x000000001A800000-0x000000001A880000-memory.dmp

Filesize
512KB

Download