4353b7d4028f741c8e30b1a4840c710558df70773465f3abd8038bfbd4d4a6e1

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 21:19

Target

4353b7d4028f741c8e30b1a4840c710558df70773465f3abd8038bfbd4d4a6e1.exe
Size

5.7MB
MD5

7dccf4281a27284ef1d6ef30a65ed00e
SHA1

06405352aba68f4c7f31bac1af49f9775418e0e4
SHA256

4353b7d4028f741c8e30b1a4840c710558df70773465f3abd8038bfbd4d4a6e1
SHA512

c4a95136b211e37f4be4739cd6da2a2abcfa3b659aa9e466d21e064b189616707ebb61d5905ae456d92cbfc6411cffb640080aaee66b869b922b7221321817ec
SSDEEP

98304:aLo5QTQrSjGzwbEwxCMPJVWlNKK31yzX6kPmh3ue7FH0oRVoiwhSi2BEiOfcCbE6:lkQujGjwxdBVxpHmj9nmhv2SiOfcCbT

Score

4^/10

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	\??\c:\program files (x86)\common files\java\java update\jusched.exe	4353b7d4028f741c8e30b1a4840c710558df70773465f3abd8038bfbd4d4a6e1.exe
File created	\??\c:\program files (x86)\adobe\acrotray .exe	4353b7d4028f741c8e30b1a4840c710558df70773465f3abd8038bfbd4d4a6e1.exe
File created	\??\c:\program files (x86)\adobe\acrotray.exe	4353b7d4028f741c8e30b1a4840c710558df70773465f3abd8038bfbd4d4a6e1.exe
File created	\??\c:\program files (x86)\internet explorer\wmpscfgs.exe	4353b7d4028f741c8e30b1a4840c710558df70773465f3abd8038bfbd4d4a6e1.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1828	2976	WerFault.exe	83

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2976	4353b7d4028f741c8e30b1a4840c710558df70773465f3abd8038bfbd4d4a6e1.exe

C:\Users\Admin\AppData\Local\Temp\4353b7d4028f741c8e30b1a4840c710558df70773465f3abd8038bfbd4d4a6e1.exe
"C:\Users\Admin\AppData\Local\Temp\4353b7d4028f741c8e30b1a4840c710558df70773465f3abd8038bfbd4d4a6e1.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2976
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 660
  2⤵
  - Program crash
  PID:1828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2976 -ip 2976
1⤵
PID:1644

memory/2976-0-0x0000000000400000-0x0000000000CB5000-memory.dmp

Filesize
8.7MB

Download
memory/2976-2-0x0000000000400000-0x0000000000CB5000-memory.dmp

Filesize
8.7MB

Download
memory/2976-1-0x0000000000D40000-0x0000000000D41000-memory.dmp

Filesize
4KB

Download
memory/2976-5-0x0000000000400000-0x0000000000CB5000-memory.dmp

Filesize
8.7MB

Download
memory/2976-4-0x0000000000422000-0x0000000000727000-memory.dmp

Filesize
3.0MB

Download
memory/2976-6-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download
memory/2976-13-0x0000000000400000-0x0000000000CB5000-memory.dmp

Filesize
8.7MB

Download
memory/2976-14-0x0000000000422000-0x0000000000727000-memory.dmp

Filesize
3.0MB

Download