0602f79c52643a332e5cbb22fe241826b1f3a12ad83b4f934b6d1d2a78cc6981

Analysis

max time kernel
8s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
22-10-2022 02:12

Target

0602f79c52643a332e5cbb22fe241826b1f3a12ad83b4f934b6d1d2a78cc6981.exe
Size

360KB
MD5

6ddeb9f7d1a1280673d8ce9275ae688d
SHA1

0d114b641ce91822410fcb575c608b3c20e47e20
SHA256

0602f79c52643a332e5cbb22fe241826b1f3a12ad83b4f934b6d1d2a78cc6981
SHA512

8a42094cc4f4b4f46f15bd1e43f56909eba0ce806305aaa5d5ac456af27e1348b0b2219dc8fa65995084c56e49c1a2c282fd10169333559d7c7b0706cbe9f378
SSDEEP

6144:z7gwRLGIfDA/Bgy8SqxglbUuYk6juoK6IqivYaBhdea7Qd88bM:QwRLZfDApo0AbSoKc2Yaxm8t

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

0602f79c52643a332e5cbb22fe241826b1f3a12ad83b4f934b6d1d2a78cc6981.exe

description	pid	Process
Token: SeDebugPrivilege	1080	0602f79c52643a332e5cbb22fe241826b1f3a12ad83b4f934b6d1d2a78cc6981.exe

C:\Users\Admin\AppData\Local\Temp\0602f79c52643a332e5cbb22fe241826b1f3a12ad83b4f934b6d1d2a78cc6981.exe
"C:\Users\Admin\AppData\Local\Temp\0602f79c52643a332e5cbb22fe241826b1f3a12ad83b4f934b6d1d2a78cc6981.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1080

memory/1080-54-0x00000000758C1000-0x00000000758C3000-memory.dmp

Filesize
8KB

Download
memory/1080-55-0x0000000000400000-0x000000000049D000-memory.dmp

Filesize
628KB

Download
memory/1080-59-0x0000000000310000-0x0000000000396000-memory.dmp

Filesize
536KB

Download