98e895f711226a32bfab152e224279d859799243845c46e550c2d32153c619fc

Resubmissions

09-04-2024 13:27

09-04-2024 13:27

09-04-2024 13:27

09-04-2024 13:27

18-11-2023 14:44

max time kernel
361s
max time network
364s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09-04-2024 13:27

Target

New Text Document.exe
Size

4KB
MD5

a239a27c2169af388d4f5be6b52f272c
SHA1

0feb9a0cd8c25f01d071e9b2cfc2ae7bd430318c
SHA256

98e895f711226a32bfab152e224279d859799243845c46e550c2d32153c619fc
SHA512

f30e1ff506cc4d729f7e24aa46e832938a5e21497f1f82f1b300d47f45dae7f1caef032237ef1f5ae9001195c43c0103e3ab787f9196c8397846c1dea8f351da
SSDEEP

48:6r1huik0xzYGJZZJOQOulbfSqXSfbNtm:IIxcLpf6zNt

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

New Text Document.exe

description pid process

Token: SeDebugPrivilege 2100 New Text Document.exe

description	pid	process
Token: SeDebugPrivilege	2100	New Text Document.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

New Text Document.exe

description	pid	process	target process
PID 2100 wrote to memory of 2560	2100	New Text Document.exe	WerFault.exe
PID 2100 wrote to memory of 2560	2100	New Text Document.exe	WerFault.exe
PID 2100 wrote to memory of 2560	2100	New Text Document.exe	WerFault.exe

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2100 -s 1072
2⤵
PID:2560

memory/2100-0-0x00000000012A0000-0x00000000012A8000-memory.dmp

Filesize
32KB

Download
memory/2100-1-0x000007FEF5DB0000-0x000007FEF679C000-memory.dmp

Filesize
9.9MB

Download
memory/2100-2-0x000000001B110000-0x000000001B190000-memory.dmp

Filesize
512KB

Download
memory/2100-3-0x000007FEF5DB0000-0x000007FEF679C000-memory.dmp

Filesize
9.9MB

Download
memory/2100-4-0x000000001B110000-0x000000001B190000-memory.dmp

Filesize
512KB

Download