285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20

Analysis

max time kernel
45s
max time network
115s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
31/01/2023, 15:10

Target

285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
Size

1.1MB
MD5

45fcca0f4cc1250a1ed06fdd0a35c566
SHA1

81d8879343caa21bf4d48101b65fb8a9ac0c5bb5
SHA256

285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20
SHA512

7f33b0544c1dc864f94544ea2039bb06e282853ff100542c957f282467aff722d6e3b689b5da8760349e77086a8672d9cd3de0e6f042ab1912a71b9e936dac91
SSDEEP

24576:RPyMNgDvgqz27bovjgUpf7yJ1rga/v7f3suwB:RPyYqke7Srf

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1396	285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe

C:\Users\Admin\AppData\Local\Temp\285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
"C:\Users\Admin\AppData\Local\Temp\285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1396

memory/1396-54-0x0000000001010000-0x0000000001138000-memory.dmp

Filesize
1.2MB

Download
memory/1396-55-0x00000000760E1000-0x00000000760E3000-memory.dmp

Filesize
8KB

Download
memory/1396-56-0x0000000009BD0000-0x0000000009E7E000-memory.dmp

Filesize
2.7MB

Download
memory/1396-57-0x0000000004E85000-0x0000000004E96000-memory.dmp

Filesize
68KB

Download