1fc78b7fb22233f0a2db891bad29301440b8ebb450a7953150b46952df396ecc

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
18/03/2024, 14:03 UTC

Target

d3b18a63cfe9e2ec86804a54dd3469e6.exe
Size

31KB
MD5

d3b18a63cfe9e2ec86804a54dd3469e6
SHA1

95211d4e478dc6e1a3ee510e1f693eea0bcae648
SHA256

1fc78b7fb22233f0a2db891bad29301440b8ebb450a7953150b46952df396ecc
SHA512

f5be1ea456a4daaa1ccf40f1f36652c21bc9cac9ad38f27a8e15d9597e357e88f554231cb6392b38d71c55bf64aa03c4362cab19fd21ffdbc4e6363bada97a83
SSDEEP

384:ttJ5FJJDZCGsMsV2ehJu6l/mKAzKvmFgxH4Dzefe/asx4jf2BhWjxh3vF8OrtNF+:f/9sMPeG6EimKxHEe1XhfF8OB3hQ

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2972	2940	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2940	d3b18a63cfe9e2ec86804a54dd3469e6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2940 wrote to memory of 2972	2940	d3b18a63cfe9e2ec86804a54dd3469e6.exe	28
PID 2940 wrote to memory of 2972	2940	d3b18a63cfe9e2ec86804a54dd3469e6.exe	28
PID 2940 wrote to memory of 2972	2940	d3b18a63cfe9e2ec86804a54dd3469e6.exe	28
PID 2940 wrote to memory of 2972	2940	d3b18a63cfe9e2ec86804a54dd3469e6.exe	28

C:\Users\Admin\AppData\Local\Temp\d3b18a63cfe9e2ec86804a54dd3469e6.exe
"C:\Users\Admin\AppData\Local\Temp\d3b18a63cfe9e2ec86804a54dd3469e6.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2940
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 976
  2⤵
  - Program crash
  PID:2972

No results found

memory/2940-0-0x0000000073EB0000-0x000000007459E000-memory.dmp

Filesize
6.9MB

Download
memory/2940-1-0x0000000000E70000-0x0000000000E7C000-memory.dmp

Filesize
48KB

Download
memory/2940-2-0x0000000004E70000-0x0000000004EB0000-memory.dmp

Filesize
256KB

Download
memory/2940-4-0x0000000073EB0000-0x000000007459E000-memory.dmp

Filesize
6.9MB

Download
memory/2940-5-0x0000000004E70000-0x0000000004EB0000-memory.dmp

Filesize
256KB

Download