04daee0f005100e97cdc3da52a3636743ead93c5e6cc127e60257f7d3517a2df

Resubmissions

14-06-2024 01:43

max time kernel
18s
max time network
16s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14-06-2024 01:43

Target

Dayz Evolucao.exe
Size

64.5MB
MD5

42074637f7f229be8b0739459b23f18e
SHA1

b08e9f0817acfe2bd95fe0b656434719146467a8
SHA256

04daee0f005100e97cdc3da52a3636743ead93c5e6cc127e60257f7d3517a2df
SHA512

aff48ea5adb63d9562bd892a3cf5282998d56163fcad955aae5835988d4dd3f407305d17c50d92278c8a8bc13146fded91fbc0980bb98b9302fba04adf5e7514
SSDEEP

1572864:lPSd4EBQu5hcEwdsETwPLwXn6493WnWo/w6680cRk3oIBLID15O:lo4YATaETeGUWCy89RfIBLWT

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1704	Dayz Evolucao.exe
1704	Dayz Evolucao.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1704	Dayz Evolucao.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 2296	1704	Dayz Evolucao.exe	31
PID 1704 wrote to memory of 2296	1704	Dayz Evolucao.exe	31
PID 1704 wrote to memory of 2296	1704	Dayz Evolucao.exe	31

C:\Users\Admin\AppData\Local\Temp\Dayz Evolucao.exe
"C:\Users\Admin\AppData\Local\Temp\Dayz Evolucao.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1704 -s 884
  2⤵
  PID:2296

memory/1704-0-0x000007FEF4C63000-0x000007FEF4C64000-memory.dmp

Filesize
4KB

Download
memory/1704-1-0x000000013F620000-0x00000001436B2000-memory.dmp

Filesize
64.6MB

Download
memory/1704-2-0x0000000024910000-0x0000000028DB2000-memory.dmp

Filesize
68.6MB

Download
memory/1704-3-0x000007FEF4C60000-0x000007FEF564C000-memory.dmp

Filesize
9.9MB

Download
memory/1704-4-0x000007FEF4C60000-0x000007FEF564C000-memory.dmp

Filesize
9.9MB

Download