322a81b498b09d7cefc03a2f61a483887c0d68117f5e33d751c9ef5e0263e3c9

Analysis

max time kernel
179s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27/11/2022, 22:57

Target

322a81b498b09d7cefc03a2f61a483887c0d68117f5e33d751c9ef5e0263e3c9.exe
Size

252KB
MD5

a8962aff170239cbc4840a9cafe63b1c
SHA1

b9a870912e9741161ec61d631ee1dcdc8d4a26d0
SHA256

322a81b498b09d7cefc03a2f61a483887c0d68117f5e33d751c9ef5e0263e3c9
SHA512

a980620fb389b4b98ba5f9154499fd289c75dfb2db3048f6bc0b3d9f1f152916d3674052acd3b51b258f4bf0b3f20a4683ae1b58aace7af6f16d5d48eb6a8e29
SSDEEP

6144:0Amn+/N1chOOhR9029VNMij5f25kruFgbDIQN:0KNPOt0tP5kqFgbDIQN

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/736-132-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral2/memory/736-133-0x0000000000400000-0x00000000004B7000-memory.dmp	upx

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeSecurityPrivilege	736	322a81b498b09d7cefc03a2f61a483887c0d68117f5e33d751c9ef5e0263e3c9.exe
Token: SeDebugPrivilege	736	322a81b498b09d7cefc03a2f61a483887c0d68117f5e33d751c9ef5e0263e3c9.exe

C:\Users\Admin\AppData\Local\Temp\322a81b498b09d7cefc03a2f61a483887c0d68117f5e33d751c9ef5e0263e3c9.exe
"C:\Users\Admin\AppData\Local\Temp\322a81b498b09d7cefc03a2f61a483887c0d68117f5e33d751c9ef5e0263e3c9.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:736

memory/736-132-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/736-133-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download