4d4d4814f5669806a793c46effe9312c718e16b953bf2ca965bc2769e39fc22c

Analysis

max time kernel
160s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 15:33

Target

4d4d4814f5669806a793c46effe9312c718e16b953bf2ca965bc2769e39fc22c.exe
Size

193KB
MD5

deccb117e68f1ebbca7e85b2a16ce8a4
SHA1

6b71bd9a2e64390c71e1d94567012c4a82c7bc5d
SHA256

4d4d4814f5669806a793c46effe9312c718e16b953bf2ca965bc2769e39fc22c
SHA512

582849880f29d261347a964d4e66ad6f53a8bb10b22ed9d756ac7f72e14d71594d5648e227b46aacea131a05de15f7dad7c5d3ebe8fffcf9dca0171bf3c47e7a
SSDEEP

3072:d/9rjX/s6gNn/7BhYMTiNtZJK3qbA/855Bc/Ln2U2A/:nXX/s60/7PLTiNfJtbHyj2U2A

Score

4^/10

Drops file in Windows directory 1 IoCs

Processes:

4d4d4814f5669806a793c46effe9312c718e16b953bf2ca965bc2769e39fc22c.exe

description ioc process

File created C:\Windows\Server.exe 4d4d4814f5669806a793c46effe9312c718e16b953bf2ca965bc2769e39fc22c.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

4d4d4814f5669806a793c46effe9312c718e16b953bf2ca965bc2769e39fc22c.exe

description pid process

Token: SeDebugPrivilege 2024 4d4d4814f5669806a793c46effe9312c718e16b953bf2ca965bc2769e39fc22c.exe

description	ioc	process
File created	C:\Windows\Server.exe	4d4d4814f5669806a793c46effe9312c718e16b953bf2ca965bc2769e39fc22c.exe

description	pid	process
Token: SeDebugPrivilege	2024	4d4d4814f5669806a793c46effe9312c718e16b953bf2ca965bc2769e39fc22c.exe

memory/2024-132-0x0000000074B70000-0x0000000075121000-memory.dmp

Filesize
5.7MB

Download
memory/2024-133-0x0000000074B70000-0x0000000075121000-memory.dmp

Filesize
5.7MB

Download