c1fe98a8d42cc4de8a0b0795764e4e762d9c5b3642a859188c29d9ec8f9188ff

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/03/2024, 15:29

Target

c8f8742cf326ab5119c376ed38315dd4.exe
Size

9KB
MD5

c8f8742cf326ab5119c376ed38315dd4
SHA1

896b57b216a8a7bd8d6cb36c839847a88db03ac0
SHA256

c1fe98a8d42cc4de8a0b0795764e4e762d9c5b3642a859188c29d9ec8f9188ff
SHA512

5d18453fc6135d7faaeb0fdd2eecefc548e5b0495120f6d5b2b87fdcf4c8929eaf9258f786584f3efee21f98de3bddad2d5ddd835dddf6ff6e46ba972106bf8e
SSDEEP

192:7BksuXEXVwVbveMZZ3o93VnjdwCzF3fjIE+:BVwtveM8FnhwCRv0E

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2368	c8f8742cf326ab5119c376ed38315dd4.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2684	2368	c8f8742cf326ab5119c376ed38315dd4.exe	28
PID 2368 wrote to memory of 2684	2368	c8f8742cf326ab5119c376ed38315dd4.exe	28
PID 2368 wrote to memory of 2684	2368	c8f8742cf326ab5119c376ed38315dd4.exe	28

C:\Users\Admin\AppData\Local\Temp\c8f8742cf326ab5119c376ed38315dd4.exe
"C:\Users\Admin\AppData\Local\Temp\c8f8742cf326ab5119c376ed38315dd4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2368 -s 904
  2⤵
  PID:2684

memory/2368-0-0x0000000000EF0000-0x0000000000EF8000-memory.dmp

Filesize
32KB

Download
memory/2368-1-0x000007FEF5ED0000-0x000007FEF68BC000-memory.dmp

Filesize
9.9MB

Download
memory/2368-2-0x0000000000710000-0x0000000000790000-memory.dmp

Filesize
512KB

Download
memory/2368-3-0x000007FEF5ED0000-0x000007FEF68BC000-memory.dmp

Filesize
9.9MB

Download
memory/2368-4-0x0000000000710000-0x0000000000790000-memory.dmp

Filesize
512KB

Download