cacae6414253adb53f45fdde77f42642cd773f2eb6061c2dbc9a2abbf095b90a

Analysis

max time kernel
267s
max time network
326s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2022 02:30

Target

SecuriteInfo.com.Win64.TrojanX-gen.12769.19216.exe
Size

444KB
MD5

cd2f268903f9f40e2daa1c867cd814e9
SHA1

a84269aef1bbe3ee773501514676031f85bca7cd
SHA256

cacae6414253adb53f45fdde77f42642cd773f2eb6061c2dbc9a2abbf095b90a
SHA512

3ae4370a20b099e322308bee9476d94cfbe97110ebc6d3fe805fef83c6d90ece17b1d4cdde5d9409a7dd24cd75b7773725aa331359b4fd6f777a0d75ae03fa91
SSDEEP

12288:RP37aKSQW3KDZ8Wi5jWGvJdUIM/assGkwFPB7OIgcA9KqFl:J7aKS7n5/pBzLoPB7OrcWLj

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

SecuriteInfo.com.Win64.TrojanX-gen.12769.19216.exe

description pid process

Token: SeDebugPrivilege 2620 SecuriteInfo.com.Win64.TrojanX-gen.12769.19216.exe

description	pid	process
Token: SeDebugPrivilege	2620	SecuriteInfo.com.Win64.TrojanX-gen.12769.19216.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.TrojanX-gen.12769.19216.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.TrojanX-gen.12769.19216.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2620

C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe"
2⤵
PID:1284

memory/2620-132-0x00000290EB780000-0x00000290EB7F4000-memory.dmp

Filesize
464KB

Download
memory/2620-133-0x00007FF8A0310000-0x00007FF8A0DD1000-memory.dmp

Filesize
10.8MB

Download
memory/2620-134-0x00007FF8A0310000-0x00007FF8A0DD1000-memory.dmp

Filesize
10.8MB

Download