d0d417ece8e94dbb4834e29c345d2e05de5de8ba3b3e05d922614c6f508d4cbe

Resubmissions

04-08-2023 02:03

02-08-2023 17:53

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
02-08-2023 17:53

Target

40899d038ee717f6e407ed53668c8d16.exe
Size

542KB
MD5

40899d038ee717f6e407ed53668c8d16
SHA1

6f49f6ce4068524aab980fce4c85473f63415d5f
SHA256

d0d417ece8e94dbb4834e29c345d2e05de5de8ba3b3e05d922614c6f508d4cbe
SHA512

b7e8de2f51c235adc3243781b797663de6557acb8ecee58310a9944a199b2ae0c38663e0b97f77477ea850439d45dbdff11fb8cfcfb4fc9c58442c965999c389
SSDEEP

12288:FVcSX+wMmdF1/jILYCWilocbzK27bwgTysayxbLz7ms4u6m7PH1:FVcSX+wrd/r3IO2g06Pg/1

Score

1^/10

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
464	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2568	40899d038ee717f6e407ed53668c8d16.exe

C:\Users\Admin\AppData\Local\Temp\40899d038ee717f6e407ed53668c8d16.exe
"C:\Users\Admin\AppData\Local\Temp\40899d038ee717f6e407ed53668c8d16.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2568

memory/2568-53-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2568-54-0x0000000000F90000-0x000000000101C000-memory.dmp

Filesize
560KB

Download
memory/2568-55-0x00000000003B0000-0x0000000000430000-memory.dmp

Filesize
512KB

Download
memory/2568-56-0x0000000000250000-0x0000000000256000-memory.dmp

Filesize
24KB

Download
memory/2568-57-0x0000000000370000-0x000000000038A000-memory.dmp

Filesize
104KB

Download
memory/2568-59-0x0000000000BE0000-0x0000000000C62000-memory.dmp

Filesize
520KB

Download
memory/2568-61-0x000007FEF5870000-0x000007FEF625C000-memory.dmp

Filesize
9.9MB

Download
memory/2568-62-0x00000000003B0000-0x0000000000430000-memory.dmp

Filesize
512KB

Download