Analysis
max time kernel: 84s
max time network: 128s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 13/09/2022, 11:33
Static task: static1

Behavioral task: behavioral1
Sample: win10优化/Win10 Security Plus CHS.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: win10优化/Win10 Security Plus CHS.exe
Resource: win10v2004-20220901-en

Behavioral task: behavioral3
Sample: win10优化/小高网地址发布页.url
Resource: win7-20220812-en

Behavioral task: behavioral4
Sample: win10优化/小高网地址发布页.url
Resource: win10v2004-20220812-en
General
Target: win10优化/Win10 Security Plus CHS.exe
Size: 2.3MB
MD5: 739135f2db647ed8737b611023aa2cb7
SHA1: cc91457e408358d92e51236ac9946cc144cd995a
SHA256: 6d3ed91a7c6b6a3aa4b5859e46207779ad4f0fcc2c8607eaa8c7a496563d5c0d
SHA512: f7160092d00ffc7bdfae7198357f97461228b68be8aeb8f47a1f1d69ea565a4d96f010d608996cc7f6f93d4cd6837328ae0e1556ae3b5eef3c41a77ac0959f91
SSDEEP: 24576:ootv5r6dH3r0bAr9BTSEUDCE/pM1sRm3VWVTugg+Qy+lYBF:7tv5rWH3r0bAr9RSXpM1pCTugryY
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (64 IoCs)
Columns: description | pid | Process
All 64 entries share pid 5032 and process Win10 Security Plus CHS.exe; the description (Token) values are:
Token: 0
Token: 1
Token: SeCreateTokenPrivilege
Token: SeAssignPrimaryTokenPrivilege
Token: SeLockMemoryPrivilege
Token: SeIncreaseQuotaPrivilege
Token: SeMachineAccountPrivilege
Token: SeTcbPrivilege
Token: SeSecurityPrivilege
Token: SeTakeOwnershipPrivilege
Token: SeLoadDriverPrivilege
Token: SeSystemProfilePrivilege
Token: SeSystemtimePrivilege
Token: SeProfSingleProcessPrivilege
Token: SeIncBasePriorityPrivilege
Token: SeCreatePagefilePrivilege
Token: SeCreatePermanentPrivilege
Token: SeBackupPrivilege
Token: SeRestorePrivilege
Token: SeShutdownPrivilege
Token: SeDebugPrivilege
Token: SeAuditPrivilege
Token: SeSystemEnvironmentPrivilege
Token: SeChangeNotifyPrivilege
Token: SeRemoteShutdownPrivilege
Token: SeUndockPrivilege
Token: SeSyncAgentPrivilege
Token: SeEnableDelegationPrivilege
Token: SeManageVolumePrivilege
Token: SeImpersonatePrivilege
Token: SeCreateGlobalPrivilege
Token: 31 through Token: 63 (one entry per integer value, 33 entries)