9f7cd187fb3fd3727820d9a77979476ed9c3e8d27db4b41a1cae8d0de26c00db

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19/03/2024, 17:40

Target

d6ba0bc1ed10ae4a790ee1e23e176bce.exe
Size

9KB
MD5

d6ba0bc1ed10ae4a790ee1e23e176bce
SHA1

bd6d486612793994a6d5eec274c139c8c3d873f4
SHA256

9f7cd187fb3fd3727820d9a77979476ed9c3e8d27db4b41a1cae8d0de26c00db
SHA512

01b5b02dfdd36be0e20b4e557386c036e9e6b64692c2ecdd4aa046ed4cc3da040d9e03682897cea3f24724e6344519f57a8e4f9c4240aba27424ad2842f3f9b9
SSDEEP

192:lVBksu/EXVwVgieMZZ3H93VnjdwCzF3ftgz:ljVwGieMxFnhwCxPtg

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2188	d6ba0bc1ed10ae4a790ee1e23e176bce.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 2704	2188	d6ba0bc1ed10ae4a790ee1e23e176bce.exe	28
PID 2188 wrote to memory of 2704	2188	d6ba0bc1ed10ae4a790ee1e23e176bce.exe	28
PID 2188 wrote to memory of 2704	2188	d6ba0bc1ed10ae4a790ee1e23e176bce.exe	28

C:\Users\Admin\AppData\Local\Temp\d6ba0bc1ed10ae4a790ee1e23e176bce.exe
"C:\Users\Admin\AppData\Local\Temp\d6ba0bc1ed10ae4a790ee1e23e176bce.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2188 -s 900
  2⤵
  PID:2704

memory/2188-0-0x0000000000E00000-0x0000000000E08000-memory.dmp

Filesize
32KB

Download
memory/2188-1-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2188-2-0x0000000000B60000-0x0000000000BE0000-memory.dmp

Filesize
512KB

Download
memory/2188-3-0x000007FEF5C90000-0x000007FEF667C000-memory.dmp

Filesize
9.9MB

Download
memory/2188-4-0x0000000000B60000-0x0000000000BE0000-memory.dmp

Filesize
512KB

Download