d0d417ece8e94dbb4834e29c345d2e05de5de8ba3b3e05d922614c6f508d4cbe

Resubmissions

04/08/2023, 02:03

02/08/2023, 17:53

max time kernel
118s
max time network
231s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
04/08/2023, 02:03

Target

40899d038ee717f6e407ed53668c8d16.exe
Size

542KB
MD5

40899d038ee717f6e407ed53668c8d16
SHA1

6f49f6ce4068524aab980fce4c85473f63415d5f
SHA256

d0d417ece8e94dbb4834e29c345d2e05de5de8ba3b3e05d922614c6f508d4cbe
SHA512

b7e8de2f51c235adc3243781b797663de6557acb8ecee58310a9944a199b2ae0c38663e0b97f77477ea850439d45dbdff11fb8cfcfb4fc9c58442c965999c389
SSDEEP

12288:FVcSX+wMmdF1/jILYCWilocbzK27bwgTysayxbLz7ms4u6m7PH1:FVcSX+wrd/r3IO2g06Pg/1

Score

1^/10

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
664	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1640	40899d038ee717f6e407ed53668c8d16.exe

C:\Users\Admin\AppData\Local\Temp\40899d038ee717f6e407ed53668c8d16.exe
"C:\Users\Admin\AppData\Local\Temp\40899d038ee717f6e407ed53668c8d16.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1640

memory/1640-133-0x0000012C448E0000-0x0000012C4496C000-memory.dmp

Filesize
560KB

Download
memory/1640-134-0x0000012C46570000-0x0000012C4658A000-memory.dmp

Filesize
104KB

Download
memory/1640-136-0x00007FFA3BD20000-0x00007FFA3C7E1000-memory.dmp

Filesize
10.8MB

Download
memory/1640-137-0x0000012C5EF80000-0x0000012C5EF90000-memory.dmp

Filesize
64KB

Download
memory/1640-139-0x00007FFA3BD20000-0x00007FFA3C7E1000-memory.dmp

Filesize
10.8MB

Download
memory/1640-140-0x0000012C5EF80000-0x0000012C5EF90000-memory.dmp

Filesize
64KB

Download