3a86c278e73fef4598a516ef02f2fc77854090b67a7fdd7598001cf36d8fcb5b

Analysis

max time kernel
31s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12/04/2023, 03:19

Target

aTube_Catcher_v3.66.53.121.44.exe
Size

1.1MB
MD5

5aa25d2d230a23406c4306669ca86bc3
SHA1

a0ac184a517845e2ec50a33a1731dfff3f0c53ae
SHA256

3a86c278e73fef4598a516ef02f2fc77854090b67a7fdd7598001cf36d8fcb5b
SHA512

e9297b51ff0a68d098f43c2672c4b47962e599c35867b78eb7bc8fa8827061bf7c9909b74c16a1e6c88cfb1f4c822067e58ca76d287376c534af0ae5dfc83efd
SSDEEP

24576:g5A4UquRxA0S+K7VQy6yXiJC0ABKPamoLi+t9RQAPsD51Ehl3qw0S+K7VQy6yXip:sA4Uq0A0S+K7VQy6yXiJC0ABKXii+t9m

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1408	aTube_Catcher_v3.66.53.121.44.exe
Token: SeShutdownPrivilege	1408	aTube_Catcher_v3.66.53.121.44.exe

C:\Users\Admin\AppData\Local\Temp\aTube_Catcher_v3.66.53.121.44.exe
"C:\Users\Admin\AppData\Local\Temp\aTube_Catcher_v3.66.53.121.44.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1408

memory/1408-54-0x0000000000A90000-0x0000000000BA6000-memory.dmp

Filesize
1.1MB

Download
memory/1408-55-0x000000001B130000-0x000000001B1B0000-memory.dmp

Filesize
512KB

Download
memory/1408-56-0x0000000002330000-0x000000000234A000-memory.dmp

Filesize
104KB

Download
memory/1408-57-0x000000001B130000-0x000000001B1B0000-memory.dmp

Filesize
512KB

Download
memory/1408-58-0x000000001B130000-0x000000001B1B0000-memory.dmp

Filesize
512KB

Download
memory/1408-59-0x000000001B130000-0x000000001B1B0000-memory.dmp

Filesize
512KB

Download
memory/1408-60-0x000000001B130000-0x000000001B1B0000-memory.dmp

Filesize
512KB

Download
memory/1408-61-0x000000001B130000-0x000000001B1B0000-memory.dmp

Filesize
512KB

Download