c35d5fb22d47e276e38fde699fc3b1e88e60a708d85b6ebea69815dec5d4883e

Analysis

max time kernel
117s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-04-2024 05:43

Target

hajde-lavacrypt-dfgs.exe
Size

2.9MB
MD5

f561ee026ad652bed5d2dbca19b0f6da
SHA1

42a9d231a9c44331ac6f6327de9e3fa7d796c3d4
SHA256

c35d5fb22d47e276e38fde699fc3b1e88e60a708d85b6ebea69815dec5d4883e
SHA512

52de39805c40f30f2ab7aebd6f143cc1d5ecd6bb95b767a45d4c212f48ee16df6425309463d2cc8703dfa0cb796b42fafb75dfd7836f65ee09e13c9318c31e4e
SSDEEP

49152:GC5pOewgkXW0aOtXZpv8axPoPADdvcPru1221mduTjSuoqaesz+pgInL/rKUvYp:jjInXW0tXZaaxPoPkvR2kSu1phnL/rYp

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

hajde-lavacrypt-dfgs.exe

description pid process

Token: SeDebugPrivilege 1760 hajde-lavacrypt-dfgs.exe

description	pid	process
Token: SeDebugPrivilege	1760	hajde-lavacrypt-dfgs.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

hajde-lavacrypt-dfgs.exe

description	pid	process	target process
PID 1760 wrote to memory of 2560	1760	hajde-lavacrypt-dfgs.exe	WerFault.exe
PID 1760 wrote to memory of 2560	1760	hajde-lavacrypt-dfgs.exe	WerFault.exe
PID 1760 wrote to memory of 2560	1760	hajde-lavacrypt-dfgs.exe	WerFault.exe

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1760 -s 592
2⤵
PID:2560

memory/1760-0-0x0000000000900000-0x0000000000908000-memory.dmp

Filesize
32KB

Download
memory/1760-1-0x000007FEF58A0000-0x000007FEF628C000-memory.dmp

Filesize
9.9MB

Download
memory/1760-2-0x000000001B220000-0x000000001B2A0000-memory.dmp

Filesize
512KB

Download
memory/1760-3-0x000007FEF58A0000-0x000007FEF628C000-memory.dmp

Filesize
9.9MB

Download
memory/1760-4-0x000000001B220000-0x000000001B2A0000-memory.dmp

Filesize
512KB

Download