90be1936790b5dbe16e74ea0bdacedf3d7311c7427a3151769335bee789b9916

Analysis

max time kernel
146s
max time network
151s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-09-2022 07:50

Target

SWIFT_IMG_20220901_00078666587900.pdf.exe
Size

23KB
MD5

4e85dbb7ee02db82e5bc4e7e80e6a651
SHA1

a591f39a808a804aa642239599fd995f3a283419
SHA256

90be1936790b5dbe16e74ea0bdacedf3d7311c7427a3151769335bee789b9916
SHA512

72254243cf9014df00a21142fe2c734ca8caff4603898fe4363dc726ad06b027fc3f70539613b7d35f68bfe1085b275c226cb4bdfdc10eba6404d5f0e80b4ad0
SSDEEP

384:cn5wkUFE7LRM4eunOiU526JSINc+p8YlLHT5PoKVRUl:cn5wpE7LR4uOd2A1c+p8e8l

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1504	SWIFT_IMG_20220901_00078666587900.pdf.exe

C:\Users\Admin\AppData\Local\Temp\SWIFT_IMG_20220901_00078666587900.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\SWIFT_IMG_20220901_00078666587900.pdf.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1504

memory/1504-54-0x0000000001350000-0x000000000135C000-memory.dmp

Filesize
48KB

Download
memory/1504-55-0x0000000075ED1000-0x0000000075ED3000-memory.dmp

Filesize
8KB

Download