386af47105d3e905ab5c1327fa634dd38e8af6d29f380cfbf0546549734d22f9

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
26-04-2024 08:05

Target

CHEMICAL SPECIFICATIONS.exe
Size

1.0MB
MD5

f564f9251bd76e796906aebb35ae478a
SHA1

e6b87808a2a2b26bcda776e971e442598402b2bd
SHA256

386af47105d3e905ab5c1327fa634dd38e8af6d29f380cfbf0546549734d22f9
SHA512

c979305cd640afe04056d36e327acee49d4c0fa9af77cd7ec9fa6463e7b0c145400be854deda5f8739956cdd95e3bceb44306d16f899487aee53e056f7144308
SSDEEP

24576:9wzV9w070Ln2qfI3F2IJ0mxhyEtWj9gBrZkpsZIjd4bnFdtJB:wV8n2q02IdnyPg1ZyGIjd4bFdtJB

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

CHEMICAL SPECIFICATIONS.exe

description pid process

Token: SeDebugPrivilege 2308 CHEMICAL SPECIFICATIONS.exe

description	pid	process
Token: SeDebugPrivilege	2308	CHEMICAL SPECIFICATIONS.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

CHEMICAL SPECIFICATIONS.exe

description	pid	process	target process
PID 2308 wrote to memory of 768	2308	CHEMICAL SPECIFICATIONS.exe	WerFault.exe
PID 2308 wrote to memory of 768	2308	CHEMICAL SPECIFICATIONS.exe	WerFault.exe
PID 2308 wrote to memory of 768	2308	CHEMICAL SPECIFICATIONS.exe	WerFault.exe

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2308 -s 580
2⤵
PID:768

memory/2308-0-0x0000000000A60000-0x0000000000AD8000-memory.dmp

Filesize
480KB

Download
memory/2308-1-0x000007FEF5C20000-0x000007FEF660C000-memory.dmp

Filesize
9.9MB

Download
memory/2308-2-0x000000001A9A0000-0x000000001AA20000-memory.dmp

Filesize
512KB

Download
memory/2308-3-0x000007FEF5C20000-0x000007FEF660C000-memory.dmp

Filesize
9.9MB

Download
memory/2308-4-0x000000001A9A0000-0x000000001AA20000-memory.dmp

Filesize
512KB

Download