0394f31c6b26dfa4ccb1dc0f33ae9792e0b8663b786c31079eb625923a53005b

Analysis

max time kernel
3s
max time network
32s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 23:41

Target

0394f31c6b26dfa4ccb1dc0f33ae9792e0b8663b786c31079eb625923a53005b.exe
Size

763KB
MD5

4e54c8d645d43583ff794b71c601d464
SHA1

24a90b8bd8bf4e0ead9f36b83212a89f18787a8d
SHA256

0394f31c6b26dfa4ccb1dc0f33ae9792e0b8663b786c31079eb625923a53005b
SHA512

23a37e407d7c6797a7084ac1e42e618d29577d687d65c6adc315ae765e596c54ba91ac0987ed74a9dc72032943bd58f1964a6e5ad752c2d0b410f87ad454987f
SSDEEP

12288:q6lg9NZK9jbrW5AwGwHDx1fKIWnxvVtO2tjvP5cU7MoShS/JXpxqL:l+969/rW5AjixF+xvjO2tRWiXq

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

0394f31c6b26dfa4ccb1dc0f33ae9792e0b8663b786c31079eb625923a53005b.exe

description pid process

Token: SeDebugPrivilege 484 0394f31c6b26dfa4ccb1dc0f33ae9792e0b8663b786c31079eb625923a53005b.exe

description	pid	process
Token: SeDebugPrivilege	484	0394f31c6b26dfa4ccb1dc0f33ae9792e0b8663b786c31079eb625923a53005b.exe

C:\Users\Admin\AppData\Local\Temp\0394f31c6b26dfa4ccb1dc0f33ae9792e0b8663b786c31079eb625923a53005b.exe
"C:\Users\Admin\AppData\Local\Temp\0394f31c6b26dfa4ccb1dc0f33ae9792e0b8663b786c31079eb625923a53005b.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:484

memory/484-54-0x0000000074D71000-0x0000000074D73000-memory.dmp

Filesize
8KB

Download