4e6af4934316a2f68ce641b4e59a3a5ceaa4c2e5699549a58861579d639544a4

Analysis

max time kernel
254s
max time network
276s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 07:44

Target

4e6af4934316a2f68ce641b4e59a3a5ceaa4c2e5699549a58861579d639544a4.exe
Size

384KB
MD5

cd88daabb78aa95b16a06f9070d171b8
SHA1

feb07922138ffad592c32d9d36b1837a7cf84fc1
SHA256

4e6af4934316a2f68ce641b4e59a3a5ceaa4c2e5699549a58861579d639544a4
SHA512

3cc596b7779d1321a56a26263cd5dd640cf2640ef5d1d9ca1d85ff8203c1c783ef7b05e5f956daa1206a38a3b0d8b49a784ff792a8f32b495e1318d1c9d3bf20
SSDEEP

6144:qhs+TEvD/J3TF5F2uWeMGVGJltyf90jwdguxfG:p+TQVTFeun/GJ/jwi

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4864	4e6af4934316a2f68ce641b4e59a3a5ceaa4c2e5699549a58861579d639544a4.exe

C:\Users\Admin\AppData\Local\Temp\4e6af4934316a2f68ce641b4e59a3a5ceaa4c2e5699549a58861579d639544a4.exe
"C:\Users\Admin\AppData\Local\Temp\4e6af4934316a2f68ce641b4e59a3a5ceaa4c2e5699549a58861579d639544a4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4864

memory/4864-132-0x00000000003A0000-0x0000000000417000-memory.dmp

Filesize
476KB

Download
memory/4864-133-0x00000000370D0000-0x00000000370E0000-memory.dmp

Filesize
64KB

Download