40596da4af2b1b0387147484d112423d317e2fd41cd19bb1b63d2f8429bacee4

Analysis

max time kernel
838s
max time network
840s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-06-2024 07:56

Target

download.exe
Size

88KB
MD5

94c73dc6cc79de28524a82f04adc7c6b
SHA1

8ce1411adede8a1485ad718160ef01c7a22634de
SHA256

40596da4af2b1b0387147484d112423d317e2fd41cd19bb1b63d2f8429bacee4
SHA512

820b38de02b00668b24e6dc0510f632a7648bd1e647f5a9ee0c7d8bd8b86a49b55db72e1cfa2eff0337dc30d6b1cb45af1f904a9105715618d410ff56841d041
SSDEEP

768:+CIFqF93IfXwXbOfq1okh8BBEjpaPWfu/WYat7PTXDvt976xrXu5Me0:+C4qF9pbOAh8B+Bfu+YaZTXTt97KruM

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1728	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1728	powershell.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 1980	1652	download.exe	28
PID 1652 wrote to memory of 1980	1652	download.exe	28
PID 1652 wrote to memory of 1980	1652	download.exe	28

C:\Users\Admin\AppData\Local\Temp\download.exe
"C:\Users\Admin\AppData\Local\Temp\download.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1652 -s 512
  2⤵
  PID:1980

memory/1652-0-0x000007FEF5BE3000-0x000007FEF5BE4000-memory.dmp

Filesize
4KB

Download
memory/1652-1-0x0000000000AE0000-0x0000000000AFC000-memory.dmp

Filesize
112KB

Download
memory/1652-2-0x000007FEF5BE3000-0x000007FEF5BE4000-memory.dmp

Filesize
4KB

Download
memory/1728-10-0x000007FEF53F0000-0x000007FEF5D8D000-memory.dmp

Filesize
9.6MB

Download
memory/1728-9-0x000007FEF53F0000-0x000007FEF5D8D000-memory.dmp

Filesize
9.6MB

Download
memory/1728-8-0x0000000001E70000-0x0000000001E78000-memory.dmp

Filesize
32KB

Download
memory/1728-7-0x000000001B5F0000-0x000000001B8D2000-memory.dmp

Filesize
2.9MB

Download
memory/1728-11-0x000007FEF53F0000-0x000007FEF5D8D000-memory.dmp

Filesize
9.6MB

Download
memory/1728-12-0x000007FEF53F0000-0x000007FEF5D8D000-memory.dmp

Filesize
9.6MB

Download
memory/1728-13-0x000007FEF53F0000-0x000007FEF5D8D000-memory.dmp

Filesize
9.6MB

Download