d64ab9ff0984410b88e53ae2a9cf7c4f971aa7defc132343589fffbff2638c57

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29-04-2024 09:52

Target

Quotation Order.exe
Size

891KB
MD5

d797aae1eaf481e9c887482192b84109
SHA1

acf58b4eb3f0ffda9a2cd91def583422a11ed873
SHA256

cbda8606094d0493370b0f219edaba9be92444967aa9259d3e9323314dca2daa
SHA512

605151432227a27e70c7884a7300e2cda5450970a5bb67cb6139fb69ee1facbe2dc95799905080456db0549aa04e35870e4142aafbcb60aa175f9526f3f7753c
SSDEEP

24576:4wzm9u/h4/YiCLuiq3crVdkwGdYCxUw/ATA:pmuhWYiCaivGWPwITA

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Quotation Order.exe

description pid process

Token: SeDebugPrivilege 2864 Quotation Order.exe

description	pid	process
Token: SeDebugPrivilege	2864	Quotation Order.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Quotation Order.exe

description	pid	process	target process
PID 2864 wrote to memory of 1356	2864	Quotation Order.exe	WerFault.exe
PID 2864 wrote to memory of 1356	2864	Quotation Order.exe	WerFault.exe
PID 2864 wrote to memory of 1356	2864	Quotation Order.exe	WerFault.exe

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 2864 -s 576
2⤵
PID:1356

memory/2864-0-0x0000000000D60000-0x0000000000DB0000-memory.dmp

Filesize
320KB

Download
memory/2864-1-0x000007FEF5A30000-0x000007FEF641C000-memory.dmp

Filesize
9.9MB

Download
memory/2864-2-0x0000000000620000-0x00000000006A0000-memory.dmp

Filesize
512KB

Download
memory/2864-3-0x000007FEF5A30000-0x000007FEF641C000-memory.dmp

Filesize
9.9MB

Download
memory/2864-4-0x0000000000620000-0x00000000006A0000-memory.dmp

Filesize
512KB

Download