2c7f86463ea0fbf195720c48288ec7fe03abec474b210865255bcf50e6108d94

Analysis

max time kernel
91s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
12-11-2022 03:33

Target

416/d7175fc8f8d2c38619a6335a5f8c83de00108016aa80c8d34246be3d7afb8d6d.exe
Size

10KB
MD5

c9b2d5c36c6c0e00219c658c41f7cd46
SHA1

7f6b727cf8449441a4b15b4100750f5c1b9ee28d
SHA256

d7175fc8f8d2c38619a6335a5f8c83de00108016aa80c8d34246be3d7afb8d6d
SHA512

5055b818214644c8fd929d0de7e58890a05deb2071768a9ebf98ce99f92a2f522d4451de24b85afd009af941e5e526f3e8a085615ce29e539bf7a54eee912867
SSDEEP

192:mrxrZIMD7rZARRtIaTaVsTiIn5Yh4Og3a0npS7Vk:YN7rsRtIc9TiIn5A2aypSh

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

d7175fc8f8d2c38619a6335a5f8c83de00108016aa80c8d34246be3d7afb8d6d.exe

description pid process

Token: SeDebugPrivilege 848 d7175fc8f8d2c38619a6335a5f8c83de00108016aa80c8d34246be3d7afb8d6d.exe

description	pid	process
Token: SeDebugPrivilege	848	d7175fc8f8d2c38619a6335a5f8c83de00108016aa80c8d34246be3d7afb8d6d.exe

C:\Users\Admin\AppData\Local\Temp\416\d7175fc8f8d2c38619a6335a5f8c83de00108016aa80c8d34246be3d7afb8d6d.exe
"C:\Users\Admin\AppData\Local\Temp\416\d7175fc8f8d2c38619a6335a5f8c83de00108016aa80c8d34246be3d7afb8d6d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:848

memory/848-132-0x0000000000640000-0x0000000000648000-memory.dmp

Filesize
32KB

Download