ea17fb10ce1b6f2657ffaefd4ccd852289eccbca93a4f70e735585e20800b3af

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
27/03/2024, 16:59

Target

e2279a637f4c2dfb796ebf51746ac560.exe
Size

9KB
MD5

e2279a637f4c2dfb796ebf51746ac560
SHA1

a0b1c212bf652eeae7c4114415c2346df702c80c
SHA256

ea17fb10ce1b6f2657ffaefd4ccd852289eccbca93a4f70e735585e20800b3af
SHA512

4e4edeca4c2d74f36a0b0c47e6c68338e8a5d7f9bc5bbfda94202fd774aedaf71557d80f6222391958ad842d6c11df27088bea4a327a7d908ff81482839773e0
SSDEEP

192:NBksuPrN3y+TFeMZZ3s93VnjdwCzU3qcB3:yZ1FeMwFnhwCw6cB

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2220	e2279a637f4c2dfb796ebf51746ac560.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2532	2220	e2279a637f4c2dfb796ebf51746ac560.exe	28
PID 2220 wrote to memory of 2532	2220	e2279a637f4c2dfb796ebf51746ac560.exe	28
PID 2220 wrote to memory of 2532	2220	e2279a637f4c2dfb796ebf51746ac560.exe	28

C:\Users\Admin\AppData\Local\Temp\e2279a637f4c2dfb796ebf51746ac560.exe
"C:\Users\Admin\AppData\Local\Temp\e2279a637f4c2dfb796ebf51746ac560.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2220 -s 892
  2⤵
  PID:2532

memory/2220-0-0x0000000000A00000-0x0000000000A08000-memory.dmp

Filesize
32KB

Download
memory/2220-1-0x000007FEF5CA0000-0x000007FEF668C000-memory.dmp

Filesize
9.9MB

Download
memory/2220-2-0x000000001B2F0000-0x000000001B370000-memory.dmp

Filesize
512KB

Download
memory/2220-3-0x000007FEF5CA0000-0x000007FEF668C000-memory.dmp

Filesize
9.9MB

Download
memory/2220-4-0x000000001B2F0000-0x000000001B370000-memory.dmp

Filesize
512KB

Download