dad36cda0cade00cb3c68090305456165843a37fb0ad2c38858d018731c00fff

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26/03/2024, 09:36

Target

ded8ad17fc3fdb8ecdf4d04565c645c7.exe
Size

9KB
MD5

ded8ad17fc3fdb8ecdf4d04565c645c7
SHA1

452cbdbbf00f4e3b483008eefc881765ae9e3c99
SHA256

dad36cda0cade00cb3c68090305456165843a37fb0ad2c38858d018731c00fff
SHA512

c7034e7645d059722b038d0dcdf4be91624a9cbbcf5a1f809d3e3be92694d829d231b84da30303498b40a76bb2fab7a9440edf0559c62024c516693f42907a51
SSDEEP

192:sONBksuHzHNQwMeMZZ3o93VnjdwqzY3Hf8:s/HzMeM0Fnhwqs3f

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2044	ded8ad17fc3fdb8ecdf4d04565c645c7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2524	2044	ded8ad17fc3fdb8ecdf4d04565c645c7.exe	28
PID 2044 wrote to memory of 2524	2044	ded8ad17fc3fdb8ecdf4d04565c645c7.exe	28
PID 2044 wrote to memory of 2524	2044	ded8ad17fc3fdb8ecdf4d04565c645c7.exe	28

C:\Users\Admin\AppData\Local\Temp\ded8ad17fc3fdb8ecdf4d04565c645c7.exe
"C:\Users\Admin\AppData\Local\Temp\ded8ad17fc3fdb8ecdf4d04565c645c7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2044 -s 892
  2⤵
  PID:2524

memory/2044-0-0x0000000000A00000-0x0000000000A08000-memory.dmp

Filesize
32KB

Download
memory/2044-1-0x000007FEF5C20000-0x000007FEF660C000-memory.dmp

Filesize
9.9MB

Download
memory/2044-2-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download
memory/2044-3-0x000007FEF5C20000-0x000007FEF660C000-memory.dmp

Filesize
9.9MB

Download
memory/2044-4-0x000000001B000000-0x000000001B080000-memory.dmp

Filesize
512KB

Download