04441b8fe3ccee5cde4e39999002d2a8cf5f1fb44c5cae9c8360cb1b2f7a3bc1

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 23:12

Target

c716d70add332e6327654df689826aab.exe
Size

9KB
MD5

c716d70add332e6327654df689826aab
SHA1

fd8cb9a7e87bf998772c28c572950ba0e1373f42
SHA256

04441b8fe3ccee5cde4e39999002d2a8cf5f1fb44c5cae9c8360cb1b2f7a3bc1
SHA512

afcab39bb98a2d49391f1b52f0fa81f36a8799a8866f57b42c739908212ff9bc0f3f9f23d9cb10b186645944af881d38d38d11ce9e2b98369922c5ef0193dd2f
SSDEEP

192:nBksun9MuIz9eMZZ3d93VnjdwqzWv3xN:8le9eMHFnhwqKh

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2020	c716d70add332e6327654df689826aab.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2020 wrote to memory of 2584	2020	c716d70add332e6327654df689826aab.exe	28
PID 2020 wrote to memory of 2584	2020	c716d70add332e6327654df689826aab.exe	28
PID 2020 wrote to memory of 2584	2020	c716d70add332e6327654df689826aab.exe	28

C:\Users\Admin\AppData\Local\Temp\c716d70add332e6327654df689826aab.exe
"C:\Users\Admin\AppData\Local\Temp\c716d70add332e6327654df689826aab.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2020
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2020 -s 892
  2⤵
  PID:2584

memory/2020-0-0x00000000000F0000-0x00000000000F8000-memory.dmp

Filesize
32KB

Download
memory/2020-1-0x000007FEF5430000-0x000007FEF5E1C000-memory.dmp

Filesize
9.9MB

Download
memory/2020-2-0x000000001B070000-0x000000001B0F0000-memory.dmp

Filesize
512KB

Download
memory/2020-3-0x000007FEF5430000-0x000007FEF5E1C000-memory.dmp

Filesize
9.9MB

Download
memory/2020-4-0x000000001B070000-0x000000001B0F0000-memory.dmp

Filesize
512KB

Download