d0d417ece8e94dbb4834e29c345d2e05de5de8ba3b3e05d922614c6f508d4cbe

Resubmissions

04/08/2023, 02:03

02/08/2023, 17:53

max time kernel
143s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2023, 17:53

Target

40899d038ee717f6e407ed53668c8d16.exe
Size

542KB
MD5

40899d038ee717f6e407ed53668c8d16
SHA1

6f49f6ce4068524aab980fce4c85473f63415d5f
SHA256

d0d417ece8e94dbb4834e29c345d2e05de5de8ba3b3e05d922614c6f508d4cbe
SHA512

b7e8de2f51c235adc3243781b797663de6557acb8ecee58310a9944a199b2ae0c38663e0b97f77477ea850439d45dbdff11fb8cfcfb4fc9c58442c965999c389
SSDEEP

12288:FVcSX+wMmdF1/jILYCWilocbzK27bwgTysayxbLz7ms4u6m7PH1:FVcSX+wrd/r3IO2g06Pg/1

Score

1^/10

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
656	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2004	40899d038ee717f6e407ed53668c8d16.exe

C:\Users\Admin\AppData\Local\Temp\40899d038ee717f6e407ed53668c8d16.exe
"C:\Users\Admin\AppData\Local\Temp\40899d038ee717f6e407ed53668c8d16.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2004

memory/2004-133-0x00000207C57F0000-0x00000207C587C000-memory.dmp

Filesize
560KB

Download
memory/2004-134-0x00000207C5C60000-0x00000207C5C7A000-memory.dmp

Filesize
104KB

Download
memory/2004-135-0x00007FFA4EEC0000-0x00007FFA4F981000-memory.dmp

Filesize
10.8MB

Download
memory/2004-137-0x00000207C5C30000-0x00000207C5C40000-memory.dmp

Filesize
64KB

Download
memory/2004-139-0x00007FFA4EEC0000-0x00007FFA4F981000-memory.dmp

Filesize
10.8MB

Download
memory/2004-140-0x00000207C5C30000-0x00000207C5C40000-memory.dmp

Filesize
64KB

Download