25a8851a4550608d1fa35076f6ddd0fbdbdc9197e1cb6a9d33104d682e5e1be5

Analysis

max time kernel
134s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 00:28

Target

25a8851a4550608d1fa35076f6ddd0fbdbdc9197e1cb6a9d33104d682e5e1be5.exe
Size

267KB
MD5

64c1372f8a80e560e8d7cc956787a054
SHA1

3b0670ce9e03418607d65936af62ea6c6499f3a0
SHA256

25a8851a4550608d1fa35076f6ddd0fbdbdc9197e1cb6a9d33104d682e5e1be5
SHA512

5f82f0f191682da3b36020326b7f241e0408d901fd7cbf50be261a36f86c170126021a2d9b1b1ce441e3280bc3c265e676f97caee2a791ad017045aca71f6191
SSDEEP

3072:gSIptA+8xCJXoJN+qvFur7F1PYUGQQEKGLY+q+XrNJd2/GP+ohVLD/xi3V7JRWmn:QptA+oGpNJlpi3VNBuRGt0dE

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4280-132-0x0000000000400000-0x000000000046A000-memory.dmp	upx
behavioral2/memory/4280-133-0x0000000000400000-0x000000000046A000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4280	25a8851a4550608d1fa35076f6ddd0fbdbdc9197e1cb6a9d33104d682e5e1be5.exe

C:\Users\Admin\AppData\Local\Temp\25a8851a4550608d1fa35076f6ddd0fbdbdc9197e1cb6a9d33104d682e5e1be5.exe
"C:\Users\Admin\AppData\Local\Temp\25a8851a4550608d1fa35076f6ddd0fbdbdc9197e1cb6a9d33104d682e5e1be5.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4280

memory/4280-132-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/4280-133-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download