ccc209e453683bf8a4f7333eb27a69fbd8d0bdc235a27c508e303d4776de665a

Analysis

max time kernel
121s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 08:14

Target

d5a1c6d467b8202139a97e2cf92bb3d2.exe
Size

9KB
MD5

d5a1c6d467b8202139a97e2cf92bb3d2
SHA1

e217f07509aeba06b30b413c256e89ac9b6eb5fc
SHA256

ccc209e453683bf8a4f7333eb27a69fbd8d0bdc235a27c508e303d4776de665a
SHA512

70aa463f37c282d8c1946ef18e31f2d63724e35783b3a5146e75abbbf24bb278a96c1b7a73327e77f73ac2c4970766eaa2f7dba279f164f647248b500f3d0f50
SSDEEP

192:OBksuXzHNQKBeMZZ3n93VnjdwqzQ3qeYH:BHdBeMBFnhwq8aeY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2840	d5a1c6d467b8202139a97e2cf92bb3d2.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2840 wrote to memory of 2676	2840	d5a1c6d467b8202139a97e2cf92bb3d2.exe	28
PID 2840 wrote to memory of 2676	2840	d5a1c6d467b8202139a97e2cf92bb3d2.exe	28
PID 2840 wrote to memory of 2676	2840	d5a1c6d467b8202139a97e2cf92bb3d2.exe	28

C:\Users\Admin\AppData\Local\Temp\d5a1c6d467b8202139a97e2cf92bb3d2.exe
"C:\Users\Admin\AppData\Local\Temp\d5a1c6d467b8202139a97e2cf92bb3d2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2840
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2840 -s 892
  2⤵
  PID:2676

memory/2840-0-0x00000000003B0000-0x00000000003B8000-memory.dmp

Filesize
32KB

Download
memory/2840-1-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

Filesize
9.9MB

Download
memory/2840-2-0x000000001B3B0000-0x000000001B430000-memory.dmp

Filesize
512KB

Download
memory/2840-3-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

Filesize
9.9MB

Download
memory/2840-4-0x000000001B3B0000-0x000000001B430000-memory.dmp

Filesize
512KB

Download