1070b4766e0979a8e15ddbd3d0ba27a9d05272027b3a20eaaf9c9fd854f2def7

Analysis

max time kernel
42s
max time network
48s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2023 22:56

Target

Netflix Tools PACK/Netflix Tools PACK/NetFlix GC Checker by xRisky/data/litedb.exe
Size

1.9MB
MD5

c20fe813ce74afaaecc2963ed2f38399
SHA1

495d949a54a7af8ada87eec7d4c1709588073295
SHA256

0a33ac7f5c5a236e63ff5cc404f39364d6f571601c85484c24e5b4b33b3d5b70
SHA512

d79b887927284b283ed32e460c749485be1b1acdaac53563777c1140fb9f48fda7b28616d445fb2a75872fe344431086c5ab7f6a2ad12ed636bb778a862f7268
SSDEEP

24576:SQ9u98/1Xx+nuiSgGKTeLYywTXyP5llinpFubRnwJ9f3EdIMVWKWkAaIvuonXQ:PITnyiyP5inpFutaB3o9IH97A

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

litedb.exe

description pid process

Token: 33 3212 litedb.exe
Token: SeIncBasePriorityPrivilege 3212 litedb.exe

description	pid	process
Token: 33	3212	litedb.exe
Token: SeIncBasePriorityPrivilege	3212	litedb.exe

C:\Users\Admin\AppData\Local\Temp\Netflix Tools PACK\Netflix Tools PACK\NetFlix GC Checker by xRisky\data\litedb.exe
"C:\Users\Admin\AppData\Local\Temp\Netflix Tools PACK\Netflix Tools PACK\NetFlix GC Checker by xRisky\data\litedb.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3212

memory/3212-133-0x0000000000400000-0x0000000000671000-memory.dmp

Filesize
2.4MB

Download
memory/3212-135-0x00000000050D0000-0x00000000050E0000-memory.dmp

Filesize
64KB

Download
memory/3212-136-0x0000000002B10000-0x0000000002BAC000-memory.dmp

Filesize
624KB

Download
memory/3212-137-0x0000000004F40000-0x0000000004FD2000-memory.dmp

Filesize
584KB

Download
memory/3212-138-0x00000000050D0000-0x00000000050E0000-memory.dmp

Filesize
64KB

Download
memory/3212-139-0x00000000050D0000-0x00000000050E0000-memory.dmp

Filesize
64KB

Download
memory/3212-140-0x0000000000400000-0x0000000000671000-memory.dmp

Filesize
2.4MB

Download