a9374cefc586e89a9aa82bbafe8f3b96d28535838411f44f9ba0be854ad71eb5

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
20/11/2024, 05:01

Target

药品追溯上传1120(盘点和库存变更)/国家医保结算清单上传程序.exe
Size

614KB
MD5

0405a24d71297371032a02b73e34bade
SHA1

163dd91bf676159e71e1ea534bceb5f848d50050
SHA256

179e69621a42239413dc2fd3fcde123e82d808f03fd32ba3139ec9aecb344b98
SHA512

a4719add99667a469d226145cc568c0beff0171fbc655890686ce71ea1c653fa2efb4044a5a3c50f5b5fef932e0396775741df623696f19acbd1b58b78b1a037
SSDEEP

12288:k01npRyjlcgH5uek0+r9HoKq3Ba2xICh7aPXLLNfhTjl9:kaRyjlxZuK+r9HoLc2xIXPXLLNfhTjr

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2348	国家医保结算清单上传程序.exe
2348	国家医保结算清单上传程序.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2348	国家医保结算清单上传程序.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2348	国家医保结算清单上传程序.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2348	国家医保结算清单上传程序.exe

memory/2348-0-0x000007FEF6083000-0x000007FEF6084000-memory.dmp

Filesize
4KB

Download
memory/2348-1-0x00000000009A0000-0x0000000000A3E000-memory.dmp

Filesize
632KB

Download
memory/2348-2-0x000007FEF6080000-0x000007FEF6A6C000-memory.dmp

Filesize
9.9MB

Download
memory/2348-3-0x000007FEF6080000-0x000007FEF6A6C000-memory.dmp

Filesize
9.9MB

Download
memory/2348-4-0x000007FEF6080000-0x000007FEF6A6C000-memory.dmp

Filesize
9.9MB

Download
memory/2348-5-0x000007FEF6080000-0x000007FEF6A6C000-memory.dmp

Filesize
9.9MB

Download
memory/2348-7-0x000007FEF6083000-0x000007FEF6084000-memory.dmp

Filesize
4KB

Download
memory/2348-8-0x000007FEF6080000-0x000007FEF6A6C000-memory.dmp

Filesize
9.9MB

Download
memory/2348-9-0x000007FEF6080000-0x000007FEF6A6C000-memory.dmp

Filesize
9.9MB

Download