198fd65a08bbc00c1e4c18f0a31814c851a68db68b93c6002f9ffc6fb57688d4

Analysis

max time kernel
30s
max time network
44s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 19:58

Target

OetK6pK9.exe
Size

13KB
MD5

77a9708c23a8cafb5b6fcc28bc13cdc4
SHA1

37f89a24141f0834c9a2e8b284df5ee2ebae3108
SHA256

198fd65a08bbc00c1e4c18f0a31814c851a68db68b93c6002f9ffc6fb57688d4
SHA512

c06412b953e1083cbcf8657befa78bfb3a9c0bb88cea5b65b40beb76782f9cfd8e8b78feb0d7a87192e59e432a5e1a2473e1503aa9f915d6b1f8f56ae8704949
SSDEEP

384:aPo++TQO/PP5D0T6LUZyjdfJptYcFwVc03KP:KwD0T6L8yVjtYcFwVc6KP

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4592	4488	WerFault.exe	87

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4488	OetK6pK9.exe

C:\Users\Admin\AppData\Local\Temp\OetK6pK9.exe
"C:\Users\Admin\AppData\Local\Temp\OetK6pK9.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4488
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 1724
  2⤵
  - Program crash
  PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 4488 -ip 4488
1⤵
PID:912

memory/4488-0-0x00000000749F0000-0x00000000751A0000-memory.dmp

Filesize
7.7MB

Download
memory/4488-1-0x00000000008B0000-0x00000000008B8000-memory.dmp

Filesize
32KB

Download
memory/4488-2-0x0000000005310000-0x0000000005320000-memory.dmp

Filesize
64KB

Download
memory/4488-3-0x00000000749F0000-0x00000000751A0000-memory.dmp

Filesize
7.7MB

Download
memory/4488-4-0x0000000005310000-0x0000000005320000-memory.dmp

Filesize
64KB

Download