f492b2bf8db70068e31654af82901016dbc2190f6d3e3a88618289ffd9026722

Analysis

Target

adea53c9b681a10b450569f7fb632bf3.exe
Size

450KB
MD5

adea53c9b681a10b450569f7fb632bf3
SHA1

f8a8a767eb3ff08a82228fcf6b14daeae78b6aa2
SHA256

f492b2bf8db70068e31654af82901016dbc2190f6d3e3a88618289ffd9026722
SHA512

18f3af0926f90abd26d1580be6bef966b12055f482a22da834b8577caa66421efa0fd4da7f22d3bb3d5a712af6602f696fe92ddf1d7667f0a3680adaf16d9a9d

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

adea53c9b681a10b450569f7fb632bf3.exe

description pid process

Token: SeDebugPrivilege 1948 adea53c9b681a10b450569f7fb632bf3.exe

description	pid	process
Token: SeDebugPrivilege	1948	adea53c9b681a10b450569f7fb632bf3.exe

C:\Users\Admin\AppData\Local\Temp\adea53c9b681a10b450569f7fb632bf3.exe
"C:\Users\Admin\AppData\Local\Temp\adea53c9b681a10b450569f7fb632bf3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1948

memory/1948-130-0x0000000002C2D000-0x0000000002C57000-memory.dmp

Filesize
168KB

Download
memory/1948-131-0x0000000002D10000-0x0000000002D47000-memory.dmp

Filesize
220KB

Download
memory/1948-132-0x0000000000400000-0x0000000002B8D000-memory.dmp

Filesize
39.6MB

Download
memory/1948-133-0x0000000007510000-0x0000000007AB4000-memory.dmp

Filesize
5.6MB

Download
memory/1948-134-0x0000000007AC0000-0x00000000080D8000-memory.dmp

Filesize
6.1MB

Download
memory/1948-135-0x0000000004EE0000-0x0000000004EF2000-memory.dmp

Filesize
72KB

Download
memory/1948-136-0x00000000080E0000-0x00000000081EA000-memory.dmp

Filesize
1.0MB

Download
memory/1948-137-0x0000000004F00000-0x0000000004F3C000-memory.dmp

Filesize
240KB

Download
memory/1948-138-0x0000000008D70000-0x0000000008DD6000-memory.dmp

Filesize
408KB

Download