c1ce2e4363fa6eeed81d32dae338ebcddefea22d484b30795882f52a86c4fd0e

Analysis

max time kernel
23s
max time network
27s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2023, 10:22

Target

Spotter.exe
Size

25.6MB
MD5

6ad587f577ba29bf5d7eeef10fe9136e
SHA1

db52118f9b1f6f510ddff617efa105834eba7177
SHA256

455da2e9501d328933e8ca2278c77e346f58d683bd00584431bfea21301dc24c
SHA512

d8c9b0fb810c5dde8e00aae917af6f71245ce9fa16864c1332a6f5890fa4e48f7622e0517520eb27baa825ba6868e9bcee3ab28c0f97ee465ecade327fc3e6d1
SSDEEP

786432:wdYFOsgpRZ/WiA3QrxKStO0cxmG5MB6e:O/ByuK+9cxo6

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2236	Spotter.exe

C:\Users\Admin\AppData\Local\Temp\Spotter.exe
"C:\Users\Admin\AppData\Local\Temp\Spotter.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2236

memory/2236-133-0x0000000000FA0000-0x0000000002946000-memory.dmp

Filesize
25.6MB

Download
memory/2236-134-0x0000000007400000-0x000000000749C000-memory.dmp

Filesize
624KB

Download
memory/2236-135-0x00000000073F0000-0x0000000007400000-memory.dmp

Filesize
64KB

Download
memory/2236-136-0x0000000007B30000-0x00000000080D4000-memory.dmp

Filesize
5.6MB

Download
memory/2236-137-0x0000000007660000-0x00000000076F2000-memory.dmp

Filesize
584KB

Download
memory/2236-138-0x0000000007650000-0x000000000765A000-memory.dmp

Filesize
40KB

Download
memory/2236-139-0x00000000073F0000-0x0000000007400000-memory.dmp

Filesize
64KB

Download
memory/2236-140-0x0000000007770000-0x00000000077D6000-memory.dmp

Filesize
408KB

Download
memory/2236-141-0x00000000073F0000-0x0000000007400000-memory.dmp

Filesize
64KB

Download