c134a0ac2809efa669ab3e69597873916f629aca0581664159c4d101a6adc609

Analysis

max time kernel
7s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-10-2022 22:23

Target

c134a0ac2809efa669ab3e69597873916f629aca0581664159c4d101a6adc609.exe
Size

328KB
MD5

77b3d8d5850b5735e58db6fc281f763f
SHA1

cd4813d5533f1894f8b6ece019c577f46d5fa4ec
SHA256

c134a0ac2809efa669ab3e69597873916f629aca0581664159c4d101a6adc609
SHA512

728f6691a97153a1159f2fcdc2fb7257fe38eef2a3b900ae1d44ad8235f943a015fc74b27839a0d1bca7aba7af10e19a785b3795571310c1a11711b23a20fd2f
SSDEEP

6144:F4MKA86q6kcKPqCAOFPmvSNQgstAw/u5jp2hnU4ZcRdN1Sgg68:F9x1KNRmKN+/Mk3eBU

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

c134a0ac2809efa669ab3e69597873916f629aca0581664159c4d101a6adc609.exe

description pid process

Token: SeDebugPrivilege 1652 c134a0ac2809efa669ab3e69597873916f629aca0581664159c4d101a6adc609.exe

description	pid	process
Token: SeDebugPrivilege	1652	c134a0ac2809efa669ab3e69597873916f629aca0581664159c4d101a6adc609.exe

C:\Users\Admin\AppData\Local\Temp\c134a0ac2809efa669ab3e69597873916f629aca0581664159c4d101a6adc609.exe
"C:\Users\Admin\AppData\Local\Temp\c134a0ac2809efa669ab3e69597873916f629aca0581664159c4d101a6adc609.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1652

memory/1652-54-0x0000000076041000-0x0000000076043000-memory.dmp

Filesize
8KB

Download
memory/1652-55-0x0000000000400000-0x0000000000495000-memory.dmp

Filesize
596KB

Download
memory/1652-59-0x0000000001D20000-0x0000000001DA5000-memory.dmp

Filesize
532KB

Download