472216912d2c889258b522d08fb95134bbe6d682e357524a2e092590cae37263

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/04/2024, 01:02

Target

95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe
Size

404KB
MD5

15ce9e885610d5b85500ea0d139f6d21
SHA1

99f1392185a70453f33e15d6f5b75064217c2c18
SHA256

95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e
SHA512

9ee8e3fb682cf7abb5804106f841551f2f0fd8ace9842e67f3bda573772d39a6482d19e853de5a9a48d177350a3398cb814105ced01fdfb1be6db7e8bc9055b9
SSDEEP

6144:/IJTLRoSz47P8DiLdwXQIPcnEPjj9tQPBBpRPZi9opzUeqcnoKPcmPuJkJ:wlRoSz4j8DM6gIxfUP+2Ye9oCcmf

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2904	95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2172	2904	95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe	28
PID 2904 wrote to memory of 2172	2904	95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe	28
PID 2904 wrote to memory of 2172	2904	95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe	28

C:\Users\Admin\AppData\Local\Temp\95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe
"C:\Users\Admin\AppData\Local\Temp\95442c887f47bbb4b350fca87c45dc6ef95355ce86a63d7c2f50db2d92ae512e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2904 -s 568
  2⤵
  PID:2172

memory/2904-0-0x0000000000C20000-0x0000000000C2E000-memory.dmp

Filesize
56KB

Download
memory/2904-1-0x000007FEF56F0000-0x000007FEF60DC000-memory.dmp

Filesize
9.9MB

Download
memory/2904-2-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download
memory/2904-3-0x000007FEF56F0000-0x000007FEF60DC000-memory.dmp

Filesize
9.9MB

Download
memory/2904-4-0x0000000000400000-0x0000000000480000-memory.dmp

Filesize
512KB

Download