285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20

Analysis

max time kernel
142s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
31/01/2023, 15:10

Target

285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
Size

1.1MB
MD5

45fcca0f4cc1250a1ed06fdd0a35c566
SHA1

81d8879343caa21bf4d48101b65fb8a9ac0c5bb5
SHA256

285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20
SHA512

7f33b0544c1dc864f94544ea2039bb06e282853ff100542c957f282467aff722d6e3b689b5da8760349e77086a8672d9cd3de0e6f042ab1912a71b9e936dac91
SSDEEP

24576:RPyMNgDvgqz27bovjgUpf7yJ1rga/v7f3suwB:RPyYqke7Srf

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4644	285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe

C:\Users\Admin\AppData\Local\Temp\285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe
"C:\Users\Admin\AppData\Local\Temp\285febf3df0193ab2f228a5d50152d40ae1f958a49b6a00a58b1390b62240c20.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4644

memory/4644-132-0x0000000000150000-0x0000000000278000-memory.dmp

Filesize
1.2MB

Download
memory/4644-133-0x0000000005480000-0x000000000551C000-memory.dmp

Filesize
624KB

Download
memory/4644-134-0x0000000005AD0000-0x0000000006074000-memory.dmp

Filesize
5.6MB

Download
memory/4644-135-0x0000000005520000-0x00000000055B2000-memory.dmp

Filesize
584KB

Download
memory/4644-136-0x0000000005420000-0x000000000542A000-memory.dmp

Filesize
40KB

Download
memory/4644-137-0x0000000005760000-0x00000000057B6000-memory.dmp

Filesize
344KB

Download