c25d9f0022af773f3be74d32ae7a5bd541441a698f1e52ec355468fe40ccecd3

Analysis

max time kernel
8s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
22-10-2022 06:10

Target

c25d9f0022af773f3be74d32ae7a5bd541441a698f1e52ec355468fe40ccecd3.exe
Size

424KB
MD5

3d8c71de5e7c266362fbb2d1af145c63
SHA1

153332bb8a81a6e796847b205f38cbb2da69b710
SHA256

c25d9f0022af773f3be74d32ae7a5bd541441a698f1e52ec355468fe40ccecd3
SHA512

7a34d2d72d2b390d18f45eb8cbbf2daa67ba2470397f714dbc0e5f680bcb32a9b65fb81103a859a7378a97e30acfa134990467f3a35d95e8a2699ee0eb044f7d
SSDEEP

6144:zwLTYUfBg4Xu/6M8ijCVJLjg3KOQWREfxn9C2hMYhE03moXbftChXW3AxfulDGgB:zglK4XuiQaYR+n9CuLhEknblCJxfS6

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

c25d9f0022af773f3be74d32ae7a5bd541441a698f1e52ec355468fe40ccecd3.exe

description pid process

Token: SeDebugPrivilege 1284 c25d9f0022af773f3be74d32ae7a5bd541441a698f1e52ec355468fe40ccecd3.exe

description	pid	process
Token: SeDebugPrivilege	1284	c25d9f0022af773f3be74d32ae7a5bd541441a698f1e52ec355468fe40ccecd3.exe

C:\Users\Admin\AppData\Local\Temp\c25d9f0022af773f3be74d32ae7a5bd541441a698f1e52ec355468fe40ccecd3.exe
"C:\Users\Admin\AppData\Local\Temp\c25d9f0022af773f3be74d32ae7a5bd541441a698f1e52ec355468fe40ccecd3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1284

memory/1284-54-0x00000000762E1000-0x00000000762E3000-memory.dmp

Filesize
8KB

Download
memory/1284-55-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/1284-59-0x0000000001EF0000-0x0000000001F75000-memory.dmp

Filesize
532KB

Download