9b3294989b00d13ae693fe9bfb7f858032c7ab20f3abc1a5900ad86ec2255939

Analysis

max time kernel
230s
max time network
336s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 12:38

Target

9b3294989b00d13ae693fe9bfb7f858032c7ab20f3abc1a5900ad86ec2255939.exe
Size

113KB
MD5

92b285a636cc04f1d9931c436205d4a4
SHA1

bff4530b779df745f9dbd91f5c2544e59f98278e
SHA256

9b3294989b00d13ae693fe9bfb7f858032c7ab20f3abc1a5900ad86ec2255939
SHA512

c71a14e73f8da7190ab620d3860408dbe95285e14f833c901191a13ec9623b8fab6f635c9461fea612f3e41c0c7fc6e9cc397f1a07f73433bbe3d711ce5bc72c
SSDEEP

3072:wEwuFhP3ZEhJluVuZ9DV9dN98azaQta8ataKa8cpaFUIWTa7xdHKXwk:DhuTluWpm26UhTA

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	612	9b3294989b00d13ae693fe9bfb7f858032c7ab20f3abc1a5900ad86ec2255939.exe

C:\Users\Admin\AppData\Local\Temp\9b3294989b00d13ae693fe9bfb7f858032c7ab20f3abc1a5900ad86ec2255939.exe
"C:\Users\Admin\AppData\Local\Temp\9b3294989b00d13ae693fe9bfb7f858032c7ab20f3abc1a5900ad86ec2255939.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:612

memory/612-54-0x00000000767C1000-0x00000000767C3000-memory.dmp

Filesize
8KB

Download