e9dfccaee3b5de09b9d67759d039111f6b908d61dd4ed01e21d5d78e03b69660

Analysis

max time kernel
134s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/01/2023, 05:42

Target

e9dfccaee3b5de09b9d67759d039111f6b908d61dd4ed01e21d5d78e03b69660.exe
Size

405KB
MD5

269a4f7941145666f7899b2bf22daf0e
SHA1

acc3aafd94ff141e06c71d2955fcf7b1e3d612e9
SHA256

e9dfccaee3b5de09b9d67759d039111f6b908d61dd4ed01e21d5d78e03b69660
SHA512

a65953b2864277ce548227ef022c7a8e478edc7fe106c5ad8ba390b6732141f6f1c175350e58f66abb3d537891f134846937dd402f782350954786e3d266d4fb
SSDEEP

6144:Dqc/to1qgVZT04XyVMNCImaRmfpGkjBq8WcMGeJD:Dq0mzLdyVMZmfAkd5M

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3916	e9dfccaee3b5de09b9d67759d039111f6b908d61dd4ed01e21d5d78e03b69660.exe

C:\Users\Admin\AppData\Local\Temp\e9dfccaee3b5de09b9d67759d039111f6b908d61dd4ed01e21d5d78e03b69660.exe
"C:\Users\Admin\AppData\Local\Temp\e9dfccaee3b5de09b9d67759d039111f6b908d61dd4ed01e21d5d78e03b69660.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3916

memory/3916-132-0x0000000000AE8000-0x0000000000B1B000-memory.dmp

Filesize
204KB

Download
memory/3916-133-0x00000000009E0000-0x0000000000A4E000-memory.dmp

Filesize
440KB

Download
memory/3916-134-0x0000000004EF0000-0x0000000005494000-memory.dmp

Filesize
5.6MB

Download
memory/3916-135-0x0000000000400000-0x0000000000868000-memory.dmp

Filesize
4.4MB

Download
memory/3916-136-0x00000000054F0000-0x0000000005B08000-memory.dmp

Filesize
6.1MB

Download
memory/3916-137-0x0000000005B20000-0x0000000005B32000-memory.dmp

Filesize
72KB

Download
memory/3916-138-0x0000000005B40000-0x0000000005C4A000-memory.dmp

Filesize
1.0MB

Download
memory/3916-139-0x0000000005C50000-0x0000000005C8C000-memory.dmp

Filesize
240KB

Download
memory/3916-140-0x0000000000AE8000-0x0000000000B1B000-memory.dmp

Filesize
204KB

Download