bfd797db1735a1c672b9d299da535e99bdea096a6d9a1cd87d262c72ebabbc6a

Analysis

max time kernel
20s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04/12/2022, 02:46

Target

bfd797db1735a1c672b9d299da535e99bdea096a6d9a1cd87d262c72ebabbc6a.exe
Size

208KB
MD5

0520d04be3f21759503c05d595b73810
SHA1

af04aeeea3716da23427510250556e04bc05228e
SHA256

bfd797db1735a1c672b9d299da535e99bdea096a6d9a1cd87d262c72ebabbc6a
SHA512

03293e2744aa7cdb255f8dacbdc543110f2c79c6666df489de0c47d8265f99f9eda87ad35aa6e5ce3cfb9225015e44055d6b3f69087b12ec12087a231f23dec9
SSDEEP

3072:l6PAf+Q8wJno2lKiXNbBrBWIgYb1PipxjN1IN3qH92o1wPDFensXKh3nHD/sqIfT:Klw9ayTBW1bpxjwZFFqDo

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1072	bfd797db1735a1c672b9d299da535e99bdea096a6d9a1cd87d262c72ebabbc6a.exe

C:\Users\Admin\AppData\Local\Temp\bfd797db1735a1c672b9d299da535e99bdea096a6d9a1cd87d262c72ebabbc6a.exe
"C:\Users\Admin\AppData\Local\Temp\bfd797db1735a1c672b9d299da535e99bdea096a6d9a1cd87d262c72ebabbc6a.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1072

memory/1072-54-0x0000000074C91000-0x0000000074C93000-memory.dmp

Filesize
8KB

Download
memory/1072-55-0x0000000001000000-0x000000000114B000-memory.dmp

Filesize
1.3MB

Download