8e1b83ae1a0f21e09b5e50c38dbab745738682bdaff5fdf8a646ce8f8fdf5a3e

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
11/06/2024, 01:24

Target

8e1b83ae1a0f21e09b5e50c38dbab745738682bdaff5fdf8a646ce8f8fdf5a3e.exe
Size

572KB
MD5

541803839f3a859b1b764fa4f1cafd73
SHA1

80d320257f174430aae389bb2591d4cbb293bba6
SHA256

8e1b83ae1a0f21e09b5e50c38dbab745738682bdaff5fdf8a646ce8f8fdf5a3e
SHA512

2339517a3a6d31af6956cc25a077377557a291787b8db27d6199ece877eb2f8212f8bb537ece500e5c374a65a1d7dccbfc5f60f93672bbe6ae4225719c53865b
SSDEEP

12288:Uham2cGUY4HBITMOsxpLo6zR+OAVcHo83oWcHV1W2:UhB2cGHYO+e6gUeWE42

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2872	8e1b83ae1a0f21e09b5e50c38dbab745738682bdaff5fdf8a646ce8f8fdf5a3e.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2108	2872	8e1b83ae1a0f21e09b5e50c38dbab745738682bdaff5fdf8a646ce8f8fdf5a3e.exe	28
PID 2872 wrote to memory of 2108	2872	8e1b83ae1a0f21e09b5e50c38dbab745738682bdaff5fdf8a646ce8f8fdf5a3e.exe	28
PID 2872 wrote to memory of 2108	2872	8e1b83ae1a0f21e09b5e50c38dbab745738682bdaff5fdf8a646ce8f8fdf5a3e.exe	28

C:\Users\Admin\AppData\Local\Temp\8e1b83ae1a0f21e09b5e50c38dbab745738682bdaff5fdf8a646ce8f8fdf5a3e.exe
"C:\Users\Admin\AppData\Local\Temp\8e1b83ae1a0f21e09b5e50c38dbab745738682bdaff5fdf8a646ce8f8fdf5a3e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2872 -s 632
  2⤵
  PID:2108

memory/2872-0-0x000007FEF5AF3000-0x000007FEF5AF4000-memory.dmp

Filesize
4KB

Download
memory/2872-1-0x0000000001230000-0x0000000001246000-memory.dmp

Filesize
88KB

Download
memory/2872-2-0x000007FEF5AF0000-0x000007FEF64DC000-memory.dmp

Filesize
9.9MB

Download
memory/2872-3-0x000007FEF5AF3000-0x000007FEF5AF4000-memory.dmp

Filesize
4KB

Download
memory/2872-4-0x000007FEF5AF0000-0x000007FEF64DC000-memory.dmp

Filesize
9.9MB

Download