26ace878bcdd0cc69846c6e882d3078b5ae8a00f01c0a6a1fefbf2bffdef8ba0

Analysis

max time kernel
142s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08/07/2023, 20:11

Target

168880944692ce016124d1bcd.exe
Size

32KB
MD5

799fb1d5784519e26670f5708d7b3eb2
SHA1

a364f58e00e7704175054b6f5f24c87c0b299310
SHA256

26ace878bcdd0cc69846c6e882d3078b5ae8a00f01c0a6a1fefbf2bffdef8ba0
SHA512

f5c298b2429e2bb6464e126ab91b15847803630bb0c9e74d9ae14f316b78acdf7064fbb96474803be49c0ad28a06f548160bd552f3364f9d50351c9b90e60ee5
SSDEEP

384:Y0bUe5XB4e0XjOnPw0Q0mS03AWTxtTUFQqzFBObbZ:tT9Bu6I55d3bZ

Score

1^/10

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeDebugPrivilege	2320	168880944692ce016124d1bcd.exe
Token: 33	2320	168880944692ce016124d1bcd.exe
Token: SeIncBasePriorityPrivilege	2320	168880944692ce016124d1bcd.exe
Token: 33	2320	168880944692ce016124d1bcd.exe
Token: SeIncBasePriorityPrivilege	2320	168880944692ce016124d1bcd.exe
Token: 33	2320	168880944692ce016124d1bcd.exe
Token: SeIncBasePriorityPrivilege	2320	168880944692ce016124d1bcd.exe
Token: 33	2320	168880944692ce016124d1bcd.exe
Token: SeIncBasePriorityPrivilege	2320	168880944692ce016124d1bcd.exe
Token: 33	2320	168880944692ce016124d1bcd.exe
Token: SeIncBasePriorityPrivilege	2320	168880944692ce016124d1bcd.exe
Token: 33	2320	168880944692ce016124d1bcd.exe
Token: SeIncBasePriorityPrivilege	2320	168880944692ce016124d1bcd.exe
Token: 33	2320	168880944692ce016124d1bcd.exe
Token: SeIncBasePriorityPrivilege	2320	168880944692ce016124d1bcd.exe
Token: 33	2320	168880944692ce016124d1bcd.exe
Token: SeIncBasePriorityPrivilege	2320	168880944692ce016124d1bcd.exe
Token: 33	2320	168880944692ce016124d1bcd.exe
Token: SeIncBasePriorityPrivilege	2320	168880944692ce016124d1bcd.exe
Token: 33	2320	168880944692ce016124d1bcd.exe
Token: SeIncBasePriorityPrivilege	2320	168880944692ce016124d1bcd.exe
Token: 33	2320	168880944692ce016124d1bcd.exe
Token: SeIncBasePriorityPrivilege	2320	168880944692ce016124d1bcd.exe

C:\Users\Admin\AppData\Local\Temp\168880944692ce016124d1bcd.exe
"C:\Users\Admin\AppData\Local\Temp\168880944692ce016124d1bcd.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2320

memory/2320-54-0x00000000004D0000-0x0000000000510000-memory.dmp

Filesize
256KB

Download
memory/2320-55-0x00000000004D0000-0x0000000000510000-memory.dmp

Filesize
256KB

Download
memory/2320-56-0x00000000004D0000-0x0000000000510000-memory.dmp

Filesize
256KB

Download
memory/2320-57-0x00000000004D0000-0x0000000000510000-memory.dmp

Filesize
256KB

Download