776b34a9802587aa4b4c58838ea6a2f0947b7086cd8c97902fae7cf18f131c17

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
30/09/2023, 12:48

Target

776b34a9802587aa4b4c58838ea6a2f0947b7086cd8c97902fae7cf18f131c17_JC.exe
Size

27KB
MD5

0fa9a3f385fc1d0c61076a22cab73897
SHA1

1d4292d02482184887e310ff8fa68f71641c47a7
SHA256

776b34a9802587aa4b4c58838ea6a2f0947b7086cd8c97902fae7cf18f131c17
SHA512

5dccef7cbbeb3d5c360bff6170e623bbf9e60bd8b36f0781601b48e6a5b4216efc1d73799bcd8745bef4afc9015857aa980a664768e810e790b5f19e81ed998f
SSDEEP

192:5MiUlMyvhk4IkKHzvLiPD10se9eae3e3eae8ehezlTSBPxSq2u3SDz91s461Oe:6l6OhjI1HbLu1g8PxlZCDhm48

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3044	776b34a9802587aa4b4c58838ea6a2f0947b7086cd8c97902fae7cf18f131c17_JC.exe

C:\Users\Admin\AppData\Local\Temp\776b34a9802587aa4b4c58838ea6a2f0947b7086cd8c97902fae7cf18f131c17_JC.exe
"C:\Users\Admin\AppData\Local\Temp\776b34a9802587aa4b4c58838ea6a2f0947b7086cd8c97902fae7cf18f131c17_JC.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3044

memory/3044-0-0x00000000003C0000-0x00000000003CC000-memory.dmp

Filesize
48KB

Download
memory/3044-1-0x000007FEF5180000-0x000007FEF5B6C000-memory.dmp

Filesize
9.9MB

Download
memory/3044-2-0x000000001B070000-0x000000001B0F0000-memory.dmp

Filesize
512KB

Download
memory/3044-3-0x000007FEF5180000-0x000007FEF5B6C000-memory.dmp

Filesize
9.9MB

Download
memory/3044-4-0x000000001B070000-0x000000001B0F0000-memory.dmp

Filesize
512KB

Download