916c2332f6dec9ddad8add6a75943925bec7254450d7d9ddef108be5fcf0b89e

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/06/2024, 01:37

Target

crash.exe
Size

4.0MB
MD5

1fed3f0babbfdb9fa667d81acf88c2ff
SHA1

48a9ed89793e023bd974ea52a0be8d631b9e89e5
SHA256

916c2332f6dec9ddad8add6a75943925bec7254450d7d9ddef108be5fcf0b89e
SHA512

2e859bb6a6b4fa63b283d7f78af7bf34e0bfc24ff9d69bc3676c2a382a8548ef9c2b4b002d446834d361217df319d5f9ab429fb795e1523c49b2a218adc24086
SSDEEP

98304:QY+Max4j/7r3nFQgc3jvu2KTlLN1yLSwz:lB/7DnFQgc3LElh+

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2600	whoami.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 1208	3004	crash.exe	29
PID 3004 wrote to memory of 1208	3004	crash.exe	29
PID 3004 wrote to memory of 1208	3004	crash.exe	29
PID 1208 wrote to memory of 2884	1208	cmd.exe	30
PID 1208 wrote to memory of 2884	1208	cmd.exe	30
PID 1208 wrote to memory of 2884	1208	cmd.exe	30
PID 3004 wrote to memory of 3044	3004	crash.exe	31
PID 3004 wrote to memory of 3044	3004	crash.exe	31
PID 3004 wrote to memory of 3044	3004	crash.exe	31
PID 3044 wrote to memory of 2600	3044	cmd.exe	32
PID 3044 wrote to memory of 2600	3044	cmd.exe	32
PID 3044 wrote to memory of 2600	3044	cmd.exe	32

C:\Users\Admin\AppData\Local\Temp\crash.exe
"C:\Users\Admin\AppData\Local\Temp\crash.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c chcp 65001
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1208
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:2884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c whoami
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3044
- - C:\Windows\system32\whoami.exe
    whoami
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:2600

C:\Users\Admin\AppData\Local\Temp\_.txt

Filesize
4.8MB

MD5
fc598f99ccb65a57019631fbc823a50a

SHA1
bb55fc4800f7a99dbe4d0bb86313966f056aa5d5

SHA256
7d48b896e710bb3c8746d9486e198986fe781c1313ef5665190a1fbdd3ee7f0d

SHA512
a74189c015dfdabf45ef4cdad14d74c3b59afd6370cecd46e888021b37e0055a3f57226e4cdbf5b1947f669f8c8edccca54ee9b1aa52a4eaa3ae09f3a00c4e8a

Download Submit
memory/3004-0-0x000000017D0D0000-0x000000017D0E0000-memory.dmp

Filesize
64KB

Download
memory/3004-3-0x000000017D0D0000-0x000000017D0E0000-memory.dmp

Filesize
64KB

Download
memory/3004-8-0x000000017D0D0000-0x000000017D0E0000-memory.dmp

Filesize
64KB

Download
memory/3004-11-0x000000017D0D0000-0x000000017D0E0000-memory.dmp

Filesize
64KB

Download