22efcc1bc26067f886faf501aee60f1cbc8ba05078d316a4df89fbced0ea84b3

Analysis

Target

22efcc1bc26067f886faf501aee60f1cbc8ba05078d316a4df89fbced0ea84b3.exe
Size

279KB
MD5

9e448f4628fdd271af8c14fcebcf7619
SHA1

9c1f14f19b60654332a04d316cef95f80d7b8ba0
SHA256

22efcc1bc26067f886faf501aee60f1cbc8ba05078d316a4df89fbced0ea84b3
SHA512

1ba26d981e8116c7efe692489882c320df17d2f3c216beedd100308222be7e09faf251a84b35f33ad7ec3a5a21627bb053393e851b23366c226a7b6b0dcdee6f

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

22efcc1bc26067f886faf501aee60f1cbc8ba05078d316a4df89fbced0ea84b3.exe

description pid process

Token: SeDebugPrivilege 3020 22efcc1bc26067f886faf501aee60f1cbc8ba05078d316a4df89fbced0ea84b3.exe

description	pid	process
Token: SeDebugPrivilege	3020	22efcc1bc26067f886faf501aee60f1cbc8ba05078d316a4df89fbced0ea84b3.exe

C:\Users\Admin\AppData\Local\Temp\22efcc1bc26067f886faf501aee60f1cbc8ba05078d316a4df89fbced0ea84b3.exe
"C:\Users\Admin\AppData\Local\Temp\22efcc1bc26067f886faf501aee60f1cbc8ba05078d316a4df89fbced0ea84b3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3020

memory/3020-124-0x0000000000A58000-0x0000000000A7D000-memory.dmp

Filesize
148KB

Download
memory/3020-125-0x0000000000A58000-0x0000000000A7D000-memory.dmp

Filesize
148KB

Download
memory/3020-126-0x0000000002660000-0x0000000002692000-memory.dmp

Filesize
200KB

Download
memory/3020-127-0x0000000000400000-0x00000000008E5000-memory.dmp

Filesize
4.9MB

Download
memory/3020-128-0x0000000005140000-0x00000000056E4000-memory.dmp

Filesize
5.6MB

Download
memory/3020-129-0x00000000056F0000-0x0000000005D08000-memory.dmp

Filesize
6.1MB

Download
memory/3020-130-0x0000000005080000-0x00000000050BC000-memory.dmp

Filesize
240KB

Download
memory/3020-131-0x00000000050C0000-0x00000000050D2000-memory.dmp

Filesize
72KB

Download
memory/3020-132-0x0000000005134000-0x0000000005136000-memory.dmp

Filesize
8KB

Download
memory/3020-133-0x0000000005E70000-0x0000000005F7A000-memory.dmp

Filesize
1.0MB

Download