8cece70bbfdfe1792ec9e1c3be822369aaee57680ea0bc78bd8dc37d07e43fc0

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 07:20

Target

CATALOG LIST‮s᠎x᠎l᠎x᠎..exe
Size

616KB
MD5

4390e4862c4906c8a2f35366ba4066d9
SHA1

4688330403611320e6d37dbc54e2327e47b2fe0e
SHA256

8cece70bbfdfe1792ec9e1c3be822369aaee57680ea0bc78bd8dc37d07e43fc0
SHA512

882faa9f80c507b9cb8d2e595893f78dc7a72e1b74c951a3a19d1db6d6682b3b544f74902b946c1a4e6f807cb8c54192366cce5eb360f79ba55da99b940c7d75
SSDEEP

12288:ofiw8MkxswcXKC2zNWfm2YRm5sm2YRm5hkxswcXKC2zNW:gD8MZX9uWfm2Yysm2YyhZX9uW

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2136	CATALOG LIST‮s᠎x᠎l᠎x᠎..exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2648	2136	CATALOG LIST‮s᠎x᠎l᠎x᠎..exe	28
PID 2136 wrote to memory of 2648	2136	CATALOG LIST‮s᠎x᠎l᠎x᠎..exe	28
PID 2136 wrote to memory of 2648	2136	CATALOG LIST‮s᠎x᠎l᠎x᠎..exe	28

C:\Users\Admin\AppData\Local\Temp\CATALOG LIST‮s᠎x᠎l᠎x᠎..exe
"C:\Users\Admin\AppData\Local\Temp\CATALOG LIST‮s᠎x᠎l᠎x᠎..exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2136 -s 1604
  2⤵
  PID:2648

memory/2136-0-0x0000000000260000-0x00000000002FE000-memory.dmp

Filesize
632KB

Download
memory/2136-1-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download
memory/2136-2-0x000000001AFD0000-0x000000001B050000-memory.dmp

Filesize
512KB

Download
memory/2136-17-0x000000001B2C0000-0x000000001B35C000-memory.dmp

Filesize
624KB

Download
memory/2136-18-0x000007FEF61B0000-0x000007FEF6B9C000-memory.dmp

Filesize
9.9MB

Download