df3c9bd8bb3201221d0e933e2b7acaabf952f5d34be2b5ae9953e0855a3a2a32

Analysis

max time kernel
4s
max time network
4s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2023, 17:17

Target

BSOD.exe
Size

75KB
MD5

dd14948dadf70aefa191b521a6b397f9
SHA1

2cd438446d9a91afd6bf48f182b2ecb52a729411
SHA256

df3c9bd8bb3201221d0e933e2b7acaabf952f5d34be2b5ae9953e0855a3a2a32
SHA512

e91dd34f19689069e1e8717f24b78068c240eb6acef84a2590a7715495ab7332e917e0456a71fe93f190c1bccdf664a9fa09ce4be79871abd880968c4f9c1998
SSDEEP

96:LWgHG+WVCh1pw8WSgYEQgyDrq/sqyjgTOiLfzsXHUZuBd8K+/XzhsdAjsHyaIuf7:LWOGh0zpwhYvgWGAgJfg3d+fzh/aIq

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3700	BSOD.exe

C:\Users\Admin\AppData\Local\Temp\BSOD.exe
"C:\Users\Admin\AppData\Local\Temp\BSOD.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3700

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 476 -p 5088 -ip 5088
1⤵
PID:1400

memory/3700-133-0x0000000001110000-0x0000000001120000-memory.dmp

Filesize
64KB

Download