d6bb2409f8431821fdfda2d9f542e7bbbb952f34ac7ce387894a0be94aedd628

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
21-11-2024 07:48

Target

d6bb2409f8431821fdfda2d9f542e7bbbb952f34ac7ce387894a0be94aedd628.exe
Size

9KB
MD5

942d8cae7fb654cbf456e4cb5ee13403
SHA1

076a733b58ed8cd135e3431e5372c4c7515a91d2
SHA256

d6bb2409f8431821fdfda2d9f542e7bbbb952f34ac7ce387894a0be94aedd628
SHA512

9bfa4c33495f6b23ab9853f30722d590d25a47a5633a5afd9bcdf36c151719ed6e4c87275e1cffdc8afe16ba75f1686441cd341a8d8b45f13fbd8cc4f5e255aa
SSDEEP

192:cBksuHm6N7oy1FReMZZ3N93VnjdwqzK3MMIaGWKHg:u4xvReMfFnhwqm7GtA

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

d6bb2409f8431821fdfda2d9f542e7bbbb952f34ac7ce387894a0be94aedd628.exe

description pid process

Token: SeDebugPrivilege 2416 d6bb2409f8431821fdfda2d9f542e7bbbb952f34ac7ce387894a0be94aedd628.exe

description	pid	process
Token: SeDebugPrivilege	2416	d6bb2409f8431821fdfda2d9f542e7bbbb952f34ac7ce387894a0be94aedd628.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

d6bb2409f8431821fdfda2d9f542e7bbbb952f34ac7ce387894a0be94aedd628.exe

description	pid	process	target process
PID 2416 wrote to memory of 2756	2416	d6bb2409f8431821fdfda2d9f542e7bbbb952f34ac7ce387894a0be94aedd628.exe	WerFault.exe
PID 2416 wrote to memory of 2756	2416	d6bb2409f8431821fdfda2d9f542e7bbbb952f34ac7ce387894a0be94aedd628.exe	WerFault.exe
PID 2416 wrote to memory of 2756	2416	d6bb2409f8431821fdfda2d9f542e7bbbb952f34ac7ce387894a0be94aedd628.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\d6bb2409f8431821fdfda2d9f542e7bbbb952f34ac7ce387894a0be94aedd628.exe
"C:\Users\Admin\AppData\Local\Temp\d6bb2409f8431821fdfda2d9f542e7bbbb952f34ac7ce387894a0be94aedd628.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2416 -s 892
  2⤵
  PID:2756

memory/2416-0-0x000007FEF5BF3000-0x000007FEF5BF4000-memory.dmp

Filesize
4KB

Download
memory/2416-1-0x0000000000210000-0x0000000000218000-memory.dmp

Filesize
32KB

Download
memory/2416-2-0x000007FEF5BF0000-0x000007FEF65DC000-memory.dmp

Filesize
9.9MB

Download
memory/2416-3-0x000007FEF5BF3000-0x000007FEF5BF4000-memory.dmp

Filesize
4KB

Download
memory/2416-4-0x000007FEF5BF0000-0x000007FEF65DC000-memory.dmp

Filesize
9.9MB

Download
memory/2416-5-0x000007FEF5BF0000-0x000007FEF65DC000-memory.dmp

Filesize
9.9MB

Download