d0d417ece8e94dbb4834e29c345d2e05de5de8ba3b3e05d922614c6f508d4cbe

Resubmissions

04/08/2023, 02:03

02/08/2023, 17:53

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
04/08/2023, 02:03

Target

40899d038ee717f6e407ed53668c8d16.exe
Size

542KB
MD5

40899d038ee717f6e407ed53668c8d16
SHA1

6f49f6ce4068524aab980fce4c85473f63415d5f
SHA256

d0d417ece8e94dbb4834e29c345d2e05de5de8ba3b3e05d922614c6f508d4cbe
SHA512

b7e8de2f51c235adc3243781b797663de6557acb8ecee58310a9944a199b2ae0c38663e0b97f77477ea850439d45dbdff11fb8cfcfb4fc9c58442c965999c389
SSDEEP

12288:FVcSX+wMmdF1/jILYCWilocbzK27bwgTysayxbLz7ms4u6m7PH1:FVcSX+wrd/r3IO2g06Pg/1

Score

1^/10

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
464	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2184	40899d038ee717f6e407ed53668c8d16.exe

C:\Users\Admin\AppData\Local\Temp\40899d038ee717f6e407ed53668c8d16.exe
"C:\Users\Admin\AppData\Local\Temp\40899d038ee717f6e407ed53668c8d16.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2184

memory/2184-54-0x00000000002D0000-0x000000000035C000-memory.dmp

Filesize
560KB

Download
memory/2184-55-0x000007FEF5460000-0x000007FEF5E4C000-memory.dmp

Filesize
9.9MB

Download
memory/2184-56-0x000000001AF40000-0x000000001AFC0000-memory.dmp

Filesize
512KB

Download
memory/2184-57-0x00000000002C0000-0x00000000002C6000-memory.dmp

Filesize
24KB

Download
memory/2184-58-0x0000000000360000-0x000000000037A000-memory.dmp

Filesize
104KB

Download
memory/2184-60-0x0000000000390000-0x0000000000412000-memory.dmp

Filesize
520KB

Download
memory/2184-62-0x000007FEF5460000-0x000007FEF5E4C000-memory.dmp

Filesize
9.9MB

Download