a187b0b66f0488e4d22c79653782e9762978419cbd9f957557448eb6bb9ae4e2

Analysis

max time kernel
40s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 21:41

Target

a187b0b66f0488e4d22c79653782e9762978419cbd9f957557448eb6bb9ae4e2.exe
Size

1.1MB
MD5

0afed65bd91a981875741eac77838a7b
SHA1

758997f10df3c3fbcb96dd1d8a8ac0e1493b4b51
SHA256

a187b0b66f0488e4d22c79653782e9762978419cbd9f957557448eb6bb9ae4e2
SHA512

76b31819b33aed1241ae65838afe0e543d1791a837d95c85a938ff3c483fa0c351c5a1b78aa94659d30813f0b091ea8fe279eaa99e3975d9b049285d6b23a93f
SSDEEP

24576:P2qJ8q+JnWUqFa1FNB6bI2Oyx0EvmJvfHWmAjoX1b:O7qeWUJH6s2DO3vc

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2020	a187b0b66f0488e4d22c79653782e9762978419cbd9f957557448eb6bb9ae4e2.exe

C:\Users\Admin\AppData\Local\Temp\a187b0b66f0488e4d22c79653782e9762978419cbd9f957557448eb6bb9ae4e2.exe
"C:\Users\Admin\AppData\Local\Temp\a187b0b66f0488e4d22c79653782e9762978419cbd9f957557448eb6bb9ae4e2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2020

memory/2020-54-0x0000000075451000-0x0000000075453000-memory.dmp

Filesize
8KB

Download
memory/2020-55-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2020-56-0x0000000000400000-0x0000000000402000-memory.dmp

Filesize
8KB

Download
memory/2020-57-0x0000000000400000-0x0000000000458000-memory.dmp

Filesize
352KB

Download
memory/2020-58-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2020-59-0x000000007EFA0000-0x000000007EFA8000-memory.dmp

Filesize
32KB

Download
memory/2020-60-0x0000000004A85000-0x0000000004A96000-memory.dmp

Filesize
68KB

Download
memory/2020-61-0x0000000004A85000-0x0000000004A96000-memory.dmp

Filesize
68KB

Download