aaf7f9aec5084bbdd8dbb6b59e18b78cac4298aa28971712f92228a82b2d1316

Analysis

max time kernel
41s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03/12/2022, 21:09

Target

aaf7f9aec5084bbdd8dbb6b59e18b78cac4298aa28971712f92228a82b2d1316.exe
Size

289KB
MD5

942f1467f5f777ef102eb948c4d438fe
SHA1

10b72df9351f2d8b7998fe4fb8e983e7254f64d9
SHA256

aaf7f9aec5084bbdd8dbb6b59e18b78cac4298aa28971712f92228a82b2d1316
SHA512

38071a2c7221db9cf2253d011099a54f2bad6816673ca0e0c72187745d5fbed076ae47496247b9a83f046f264bc0279646c611b6729b2e5a08a8b838f2d64dc1
SSDEEP

6144:eL0zDHUU1LaqMRHQECf0iDTNGuxL6+a9+dsDnhp4vq/N0pbeQ:eL0cua3HkXTNGiLBSnhpaq1a9

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1920	aaf7f9aec5084bbdd8dbb6b59e18b78cac4298aa28971712f92228a82b2d1316.exe

C:\Users\Admin\AppData\Local\Temp\aaf7f9aec5084bbdd8dbb6b59e18b78cac4298aa28971712f92228a82b2d1316.exe
"C:\Users\Admin\AppData\Local\Temp\aaf7f9aec5084bbdd8dbb6b59e18b78cac4298aa28971712f92228a82b2d1316.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1920

memory/1920-54-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/1920-56-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/1920-57-0x0000000076121000-0x0000000076123000-memory.dmp

Filesize
8KB

Download
memory/1920-58-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/1920-60-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download
memory/1920-61-0x0000000000400000-0x00000000004F7000-memory.dmp

Filesize
988KB

Download