51d2635f22730bda39c675471c27488968ec29cdab13cf86ab060888f94e9d99

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 18:36

Target

dfd446df8d5951a2f84b6690fcd12387.exe
Size

8KB
MD5

dfd446df8d5951a2f84b6690fcd12387
SHA1

ed6ba40bda0e48cfa6cf37f5a1b812ac03b84860
SHA256

51d2635f22730bda39c675471c27488968ec29cdab13cf86ab060888f94e9d99
SHA512

c9cc19e77dd7bfa897de18cbddb71ec26536fc4d7ed1415740444b7c1afef34b3a99c4cf93124317e9f8866c2aa87e899c03110dc2e1514e5c13616df90180b6
SSDEEP

96:9X0/V1Ip2w7Is6IlqBytLr9yLFMsyRekL3LWzv/JBl4K2PTrpw4l/bLIHAzNt:yI3J5l0ILrYL690kL3LI3Tl4K2rm4Nb

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2452	1752	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1752	dfd446df8d5951a2f84b6690fcd12387.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 2452	1752	dfd446df8d5951a2f84b6690fcd12387.exe	28
PID 1752 wrote to memory of 2452	1752	dfd446df8d5951a2f84b6690fcd12387.exe	28
PID 1752 wrote to memory of 2452	1752	dfd446df8d5951a2f84b6690fcd12387.exe	28
PID 1752 wrote to memory of 2452	1752	dfd446df8d5951a2f84b6690fcd12387.exe	28

C:\Users\Admin\AppData\Local\Temp\dfd446df8d5951a2f84b6690fcd12387.exe
"C:\Users\Admin\AppData\Local\Temp\dfd446df8d5951a2f84b6690fcd12387.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 1584
  2⤵
  - Program crash
  PID:2452

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3D55.tmp

Filesize
177KB

MD5
435a9ac180383f9fa094131b173a2f7b

SHA1
76944ea657a9db94f9a4bef38f88c46ed4166983

SHA256
67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

SHA512
1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

Download Submit
memory/1752-0-0x00000000011A0000-0x00000000011A8000-memory.dmp

Filesize
32KB

Download
memory/1752-1-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/1752-2-0x0000000004EC0000-0x0000000004F00000-memory.dmp

Filesize
256KB

Download
memory/1752-40-0x0000000074D00000-0x00000000753EE000-memory.dmp

Filesize
6.9MB

Download
memory/1752-41-0x0000000004EC0000-0x0000000004F00000-memory.dmp

Filesize
256KB

Download