2b8cd7175430c7efadb5156b883b63cbbd179579ee58dccb27efc68c22cdc819

Analysis

max time kernel
145s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2023 15:00

Target

NA_2b8cd7175430c7efadb5156b8_JC.exe
Size

39KB
MD5

871cd7088672b28dddc2c9b539c96a6c
SHA1

749ad9c8a8615535711590f483e43e3863118e5b
SHA256

2b8cd7175430c7efadb5156b883b63cbbd179579ee58dccb27efc68c22cdc819
SHA512

c3514cc27abad7bf506b87b25f86b7028d93ef00a4c55bf061223a88cceae165ce955de37049fc10a21f1ac990fad27f8d85717f3592b2593b90160ea1875d6c
SSDEEP

768:7CP/V7dXgOhYYmu24Ra2DovIieNhIPVQPaFXGXT:Kgaj92m7ov0oWqXGXT

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	812	NA_2b8cd7175430c7efadb5156b8_JC.exe

C:\Users\Admin\AppData\Local\Temp\NA_2b8cd7175430c7efadb5156b8_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NA_2b8cd7175430c7efadb5156b8_JC.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:812

memory/812-133-0x0000010DABF00000-0x0000010DABF0E000-memory.dmp

Filesize
56KB

Download
memory/812-134-0x00007FFDF7100000-0x00007FFDF7BC1000-memory.dmp

Filesize
10.8MB

Download
memory/812-135-0x0000010DC6670000-0x0000010DC6680000-memory.dmp

Filesize
64KB

Download
memory/812-136-0x0000010DADD30000-0x0000010DADD4A000-memory.dmp

Filesize
104KB

Download
memory/812-137-0x0000010DC6850000-0x0000010DC69F9000-memory.dmp

Filesize
1.7MB

Download
memory/812-138-0x00007FFDF7100000-0x00007FFDF7BC1000-memory.dmp

Filesize
10.8MB

Download
memory/812-139-0x0000010DC6670000-0x0000010DC6680000-memory.dmp

Filesize
64KB

Download