74ef4e409c39d19ad4ed3bacde598f0b92c999de77961354300033f5a917b938

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
03/07/2024, 14:16

Target

74ef4e409c39d19ad4ed3bacde598f0b92c999de77961354300033f5a917b938.exe
Size

6KB
MD5

3aa2339d295c90c1a0fbfad98e9cebd0
SHA1

518a9c5b94df0ad8933b46c2ef3a0ad88fa01a77
SHA256

74ef4e409c39d19ad4ed3bacde598f0b92c999de77961354300033f5a917b938
SHA512

b727d4d7fe574b2ed752490133b73b547a674e911041b379e358679a3579c362923fcca3c8323beb1a4b295bd718cab7f9dc400ce6e1da6a786baf8bda79881c
SSDEEP

96:0foBJwl5Vtub9VpfVEsFQ/5XEjgtp4k9O0MHSzPSczNt:coJSVgRVLDC5kgtpv9O0ASzam

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2656	2972	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2972	74ef4e409c39d19ad4ed3bacde598f0b92c999de77961354300033f5a917b938.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2656	2972	74ef4e409c39d19ad4ed3bacde598f0b92c999de77961354300033f5a917b938.exe	28
PID 2972 wrote to memory of 2656	2972	74ef4e409c39d19ad4ed3bacde598f0b92c999de77961354300033f5a917b938.exe	28
PID 2972 wrote to memory of 2656	2972	74ef4e409c39d19ad4ed3bacde598f0b92c999de77961354300033f5a917b938.exe	28
PID 2972 wrote to memory of 2656	2972	74ef4e409c39d19ad4ed3bacde598f0b92c999de77961354300033f5a917b938.exe	28

C:\Users\Admin\AppData\Local\Temp\74ef4e409c39d19ad4ed3bacde598f0b92c999de77961354300033f5a917b938.exe
"C:\Users\Admin\AppData\Local\Temp\74ef4e409c39d19ad4ed3bacde598f0b92c999de77961354300033f5a917b938.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 1696
  2⤵
  - Program crash
  PID:2656

memory/2972-0-0x000000007404E000-0x000000007404F000-memory.dmp

Filesize
4KB

Download
memory/2972-1-0x0000000000B30000-0x0000000000B38000-memory.dmp

Filesize
32KB

Download
memory/2972-2-0x0000000074040000-0x000000007472E000-memory.dmp

Filesize
6.9MB

Download
memory/2972-3-0x000000007404E000-0x000000007404F000-memory.dmp

Filesize
4KB

Download
memory/2972-4-0x0000000074040000-0x000000007472E000-memory.dmp

Filesize
6.9MB

Download