08d9cc9df0f3b1467038fc2921c6629998a5ee54e93f45687deedd4acdbbb73b

Analysis

max time kernel
30s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09-05-2023 00:39

Target

Android Image Kitchen/android_win_tools/chmod.exe
Size

54KB
MD5

32b7a6c0c026fd7dc84acfadc6df61ea
SHA1

df4a5ad4d1e250f74e9d69e7a5d7672654cb53dd
SHA256

7be0c337503591cee491d9c97ee3fc59ec37101d6f43213f3c99323859783b90
SHA512

6dc46c7bb5ee56b715334fd83c49ae4ff84fb47879df98fa0ace677b14197b90cd3acdc2ec988a1cd7b3a9de1fecb19bbbdce860b838e08b1b57da54288f164a
SSDEEP

768:VBjXyULFTLoqrYCgY6Br/4HZC7EfuGh+AeuWuuRpxXY3yqr4hooooooooooooooB:6ULFTLBrpgYq4HZoE2YpeQnaWs

Score

1^/10

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

chmod.exe

description pid process

Token: SeRestorePrivilege 1468 chmod.exe
Token: SeBackupPrivilege 1468 chmod.exe
Token: SeDebugPrivilege 1468 chmod.exe

C:\Users\Admin\AppData\Local\Temp\Android Image Kitchen\android_win_tools\chmod.exe
"C:\Users\Admin\AppData\Local\Temp\Android Image Kitchen\android_win_tools\chmod.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1468

memory/1468-54-0x000000005C8D0000-0x000000005C9D5000-memory.dmp

Filesize
1.0MB

Download
memory/1468-55-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1468-56-0x0000000061000000-0x00000000614F0000-memory.dmp

Filesize
4.9MB

Download
memory/1468-57-0x000000005C880000-0x000000005C891000-memory.dmp

Filesize
68KB

Download
memory/1468-58-0x000000005C8D0000-0x000000005C9D5000-memory.dmp

Filesize
1.0MB

Download
memory/1468-59-0x000000005E230000-0x000000005E254000-memory.dmp

Filesize
144KB

Download