236caf6eff6062b5ab65172a05150d9cc3648e83b40cd7cba5895192aba70490

Analysis

max time kernel
628s
max time network
631s
platform
windows7_x64
resource
win7-20230220-es
resource tags

arch:x64arch:x86image:win7-20230220-eslocale:es-esos:windows7-x64systemwindows
submitted
09/03/2023, 14:27

Target

edgeexplo.exe
Size

1023KB
MD5

04e76f69997961082c793267bcc14788
SHA1

bccaf73a94430a71520832fd6c32a0454ed9cef0
SHA256

236caf6eff6062b5ab65172a05150d9cc3648e83b40cd7cba5895192aba70490
SHA512

f845a1df45207c8b68a5bb5d7ab3051a869065fb548ed63cc5c7bf4f88a17935c865a4a0621f2bebd805bf5610eb63a45d7964ad1cce538d2ba7a6259bef826b
SSDEEP

12288:sVmuXzKBJ14qXbx7DN9B8Wf+INAjSLsVclR3jm2Apfz6aCtIEvJpSANEkXTry3p:KlzCH4qXlPKBIGLzZJUDSANjXTrK

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	808	edgeexplo.exe
Token: SeDebugPrivilege	1520	edgeexplo.exe

C:\Users\Admin\AppData\Local\Temp\edgeexplo.exe
"C:\Users\Admin\AppData\Local\Temp\edgeexplo.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:808

C:\Windows\system32\verclsid.exe
"C:\Windows\system32\verclsid.exe" /S /C {0B2C9183-C9FA-4C53-AE21-C900B0C39965} /I {0C733A8A-2A1C-11CE-ADE5-00AA0044773D} /X 0x401
1⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\edgeexplo.exe
"C:\Users\Admin\AppData\Local\Temp\edgeexplo.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1520

memory/808-54-0x0000000000A90000-0x0000000000B96000-memory.dmp

Filesize
1.0MB

Download
memory/808-55-0x0000000004EA0000-0x0000000004EE0000-memory.dmp

Filesize
256KB

Download
memory/1520-56-0x00000000010D0000-0x00000000011D6000-memory.dmp

Filesize
1.0MB

Download
memory/1520-57-0x0000000004F50000-0x0000000004F90000-memory.dmp

Filesize
256KB

Download