95f246104de157265b8e09490e4039062613eb2817039dfb8d9c96af76dff61b

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 06:21

Target

d56a0e6d3b52631eef64a5a13a853b0d.exe
Size

9KB
MD5

d56a0e6d3b52631eef64a5a13a853b0d
SHA1

9ed1cb6f353c66624be09191e28f55b74085d78a
SHA256

95f246104de157265b8e09490e4039062613eb2817039dfb8d9c96af76dff61b
SHA512

6ab1131da950e7a996e680e6513f8f949818ca864333eb829f8e7ee4147b26ecb360f3076216eeca0cdd04d4b1ec0abc7a06d5a6a6dbc69af8fb365aed26602e
SSDEEP

192:jBksunrN3y+dVeMZZ3k93VnjdwCzP3Gtvz:EZ7VeMYFnhwCL2tv

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3004	d56a0e6d3b52631eef64a5a13a853b0d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 2256	3004	d56a0e6d3b52631eef64a5a13a853b0d.exe	28
PID 3004 wrote to memory of 2256	3004	d56a0e6d3b52631eef64a5a13a853b0d.exe	28
PID 3004 wrote to memory of 2256	3004	d56a0e6d3b52631eef64a5a13a853b0d.exe	28

C:\Users\Admin\AppData\Local\Temp\d56a0e6d3b52631eef64a5a13a853b0d.exe
"C:\Users\Admin\AppData\Local\Temp\d56a0e6d3b52631eef64a5a13a853b0d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 3004 -s 900
  2⤵
  PID:2256

memory/3004-0-0x0000000001020000-0x0000000001028000-memory.dmp

Filesize
32KB

Download
memory/3004-1-0x000007FEF56F0000-0x000007FEF60DC000-memory.dmp

Filesize
9.9MB

Download
memory/3004-2-0x000000001B5D0000-0x000000001B650000-memory.dmp

Filesize
512KB

Download
memory/3004-3-0x000007FEF56F0000-0x000007FEF60DC000-memory.dmp

Filesize
9.9MB

Download
memory/3004-4-0x000000001B5D0000-0x000000001B650000-memory.dmp

Filesize
512KB

Download