6b7baa1db0d2ed5c12dfb8f289449384ff821110f9b490379c5fcd9190090f4e

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
20-04-2024 09:53

Target

dfe244414c8461175241ce54707eb6b6.exe
Size

405KB
MD5

dfe244414c8461175241ce54707eb6b6
SHA1

1c94e583b7058d01dad42d56ef5ddf17b64b5778
SHA256

6b7baa1db0d2ed5c12dfb8f289449384ff821110f9b490379c5fcd9190090f4e
SHA512

a8b872308f2e4d51bf99617bad931117921a4332d2a4b2e84c6e45bf42829999a95883b146dca93894ffbd5bcd0f03cb682468457ac2ff1cefcb43155f4225c9
SSDEEP

12288:eN6XS66ZeKgLaIGVkwpU0uNqFrNNkpICQzlG:26CNe0IGVl+qHul

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

dfe244414c8461175241ce54707eb6b6.exe

description pid process

Token: SeDebugPrivilege 1976 dfe244414c8461175241ce54707eb6b6.exe

description	pid	process
Token: SeDebugPrivilege	1976	dfe244414c8461175241ce54707eb6b6.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

dfe244414c8461175241ce54707eb6b6.exe

description	pid	process	target process
PID 1976 wrote to memory of 1464	1976	dfe244414c8461175241ce54707eb6b6.exe	WerFault.exe
PID 1976 wrote to memory of 1464	1976	dfe244414c8461175241ce54707eb6b6.exe	WerFault.exe
PID 1976 wrote to memory of 1464	1976	dfe244414c8461175241ce54707eb6b6.exe	WerFault.exe

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1976 -s 568
2⤵
PID:1464

memory/1976-0-0x00000000000D0000-0x00000000000DE000-memory.dmp

Filesize
56KB

Download
memory/1976-1-0x000007FEF5C30000-0x000007FEF661C000-memory.dmp

Filesize
9.9MB

Download
memory/1976-2-0x000000001B170000-0x000000001B1F0000-memory.dmp

Filesize
512KB

Download
memory/1976-3-0x000007FEF5C30000-0x000007FEF661C000-memory.dmp

Filesize
9.9MB

Download
memory/1976-4-0x000000001B170000-0x000000001B1F0000-memory.dmp

Filesize
512KB

Download