a304024ca680f698913e11026ab901292095bfdda4e1c65a3bfdf14bea478117

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09-03-2023 18:56

Target

a304024ca680f698913e11026ab901292095bfdda4e1c.exe
Size

675KB
MD5

59d5fa83827130e870bd6ed4539b9f4c
SHA1

16abcccc732fecb83ac3f8851794870dd1a2674e
SHA256

a304024ca680f698913e11026ab901292095bfdda4e1c65a3bfdf14bea478117
SHA512

d8d9fccf780349018da08dcff512255de029f496b1722f5fb5994c80071344a8f7e82bb4d1a2c112cef224e5a541bf94015088e8c0134218222335a23ca188f1
SSDEEP

12288:PmnvKICvTkGAwmwYOI72x20VZqlTlGiKiCvbRne2ds0vQFGF:PmnvKICvKOM4qDGiKiCvbRe2dsQRF

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

a304024ca680f698913e11026ab901292095bfdda4e1c.exe

description pid process

Token: SeDebugPrivilege 2024 a304024ca680f698913e11026ab901292095bfdda4e1c.exe

description	pid	process
Token: SeDebugPrivilege	2024	a304024ca680f698913e11026ab901292095bfdda4e1c.exe

C:\Users\Admin\AppData\Local\Temp\a304024ca680f698913e11026ab901292095bfdda4e1c.exe
"C:\Users\Admin\AppData\Local\Temp\a304024ca680f698913e11026ab901292095bfdda4e1c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2024

memory/2024-54-0x0000000001030000-0x00000000010E0000-memory.dmp

Filesize
704KB

Download
memory/2024-55-0x0000000004E60000-0x0000000004EA0000-memory.dmp

Filesize
256KB

Download
memory/2024-56-0x0000000004E60000-0x0000000004EA0000-memory.dmp

Filesize
256KB

Download