2725fd24ec853c1724c27bfde996f93baf9f44c9c8f96b6e59708959694b6a3c

Analysis

max time kernel
402s
max time network
450s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 09:39

Target

2725fd24ec853c1724c27bfde996f93baf9f44c9c8f96b6e59708959694b6a3c.exe
Size

513KB
MD5

54f50f9113735eda1abb252942a1e2a6
SHA1

59cfb1d4c66cae5e1f144c37ded3de5f150c89d0
SHA256

2725fd24ec853c1724c27bfde996f93baf9f44c9c8f96b6e59708959694b6a3c
SHA512

a9bd8c367471aae9e9696cb57866f4b5d7485e704d8cd62687b66613e7ec5a44322bcccce3756d7f9cff8f7e3b4c56aba7c6e8060eaefe0967250e2b40ef6124
SSDEEP

6144:eACT0ekq+7G40l/qDAqmglWGbl7sv6Q180p9wC4X:eACTR+76/jqPlWKsdXw

Score

1^/10

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

2725fd24ec853c1724c27bfde996f93baf9f44c9c8f96b6e59708959694b6a3c.exe

description	pid	process
Token: SeDebugPrivilege	380	2725fd24ec853c1724c27bfde996f93baf9f44c9c8f96b6e59708959694b6a3c.exe
Token: 33	380	2725fd24ec853c1724c27bfde996f93baf9f44c9c8f96b6e59708959694b6a3c.exe
Token: SeIncBasePriorityPrivilege	380	2725fd24ec853c1724c27bfde996f93baf9f44c9c8f96b6e59708959694b6a3c.exe

C:\Users\Admin\AppData\Local\Temp\2725fd24ec853c1724c27bfde996f93baf9f44c9c8f96b6e59708959694b6a3c.exe
"C:\Users\Admin\AppData\Local\Temp\2725fd24ec853c1724c27bfde996f93baf9f44c9c8f96b6e59708959694b6a3c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:380

memory/380-132-0x00000000749F0000-0x0000000074FA1000-memory.dmp

Filesize
5.7MB

Download
memory/380-133-0x00000000749F0000-0x0000000074FA1000-memory.dmp

Filesize
5.7MB

Download