aa873f1aeb2d13a9600b8132f7b115e31355e7aebe4175c7f4fcf13435a1a609

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24/02/2025, 10:45

Target

x.exe.bin.exe
Size

664KB
MD5

fe54dae7b2ca10a4d73e3db7889a401c
SHA1

c9766441ff9ebefb0ca17a55dcff87b2fb521200
SHA256

aa873f1aeb2d13a9600b8132f7b115e31355e7aebe4175c7f4fcf13435a1a609
SHA512

699574389bb13019d679ae059fa46e39c3a8527669540ef28adb45395cca5c3211cf1db4e69eb2158e65153cbf39a028c2f3061f83af4da4ce78f38a5f58d29c
SSDEEP

12288:bTe2C/vVtH6X9kfCLOmz1x7M6iM8ngIg579+S303KvFJ:StH6NkfCP1x7TPkgIgZ8S3038

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2376	x.exe.bin.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2244	2376	x.exe.bin.exe	30
PID 2376 wrote to memory of 2244	2376	x.exe.bin.exe	30
PID 2376 wrote to memory of 2244	2376	x.exe.bin.exe	30

C:\Users\Admin\AppData\Local\Temp\x.exe.bin.exe
"C:\Users\Admin\AppData\Local\Temp\x.exe.bin.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2376 -s 1232
  2⤵
  PID:2244

memory/2376-0-0x000007FEF5483000-0x000007FEF5484000-memory.dmp

Filesize
4KB

Download
memory/2376-1-0x0000000001020000-0x00000000010CA000-memory.dmp

Filesize
680KB

Download
memory/2376-2-0x0000000000270000-0x0000000000278000-memory.dmp

Filesize
32KB

Download
memory/2376-3-0x000007FEF5480000-0x000007FEF5E6C000-memory.dmp

Filesize
9.9MB

Download
memory/2376-4-0x000007FEF5480000-0x000007FEF5E6C000-memory.dmp

Filesize
9.9MB

Download