0bbd5efd22e3bbf2ed7e1e380053b782a464841c26b473081dee619adbc3d26f

Analysis

max time kernel
91s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2023, 16:55

Target

0bbd5efd22e3bbf2ed7e1e380053b782a464841c26b473081dee619adbc3d26f.exe
Size

957KB
MD5

7073db9e89e6b20255e3820fb5f7ea6a
SHA1

8d2e12e7a47696a930ec566d6be782ab09571a36
SHA256

0bbd5efd22e3bbf2ed7e1e380053b782a464841c26b473081dee619adbc3d26f
SHA512

753ba7a2c1b54edab45fc61c06158b37b82dd2d80abfe5c5daee4a347267a60ab49fbb97b5a3515d50417f1b8e3d5774a2a7783a668a2279fa89e3d42fb6754f
SSDEEP

24576:GVkcZx4mb4GmSCzQVeIonnnskhkS0aVuc:NyxPb12QQIonnskhoyv

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeBackupPrivilege	1724	0bbd5efd22e3bbf2ed7e1e380053b782a464841c26b473081dee619adbc3d26f.exe
Token: SeRestorePrivilege	1724	0bbd5efd22e3bbf2ed7e1e380053b782a464841c26b473081dee619adbc3d26f.exe
Token: 33	1724	0bbd5efd22e3bbf2ed7e1e380053b782a464841c26b473081dee619adbc3d26f.exe
Token: SeIncBasePriorityPrivilege	1724	0bbd5efd22e3bbf2ed7e1e380053b782a464841c26b473081dee619adbc3d26f.exe

C:\Users\Admin\AppData\Local\Temp\0bbd5efd22e3bbf2ed7e1e380053b782a464841c26b473081dee619adbc3d26f.exe
"C:\Users\Admin\AppData\Local\Temp\0bbd5efd22e3bbf2ed7e1e380053b782a464841c26b473081dee619adbc3d26f.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1724