2d369c8fd70cb536d9a80714cd1b89e28a811dc07da92694b41de4643f3e1cea

Analysis

max time kernel
138s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2023 22:00

Target

googlephoto.js
Size

2KB
MD5

7b1a437a30d1e6cc57005f68ff3ebc6e
SHA1

ee034f7775b557972a234bd5ac522d42f8188429
SHA256

a2c555744ba3fb6a86b49bb2e98be947ace5ce5d68603143ae9c8c4ee44255c6
SHA512

6774005e468dd5a0b14fc7709cfa9e5bfa587cdad91cac76c0ac0ec8e738a953d191190467182a8a6c9e7a0a4bb434fd3d9aa29c6edef550db8f287d5d181545

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2092	svchost.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\googlephoto.js
1⤵
PID:1476

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1008

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2092

memory/2092-0-0x0000016F005A0000-0x0000016F005B0000-memory.dmp

Filesize
64KB

Download
memory/2092-16-0x0000016F006A0000-0x0000016F006B0000-memory.dmp

Filesize
64KB

Download
memory/2092-32-0x0000016F08A10000-0x0000016F08A11000-memory.dmp

Filesize
4KB

Download
memory/2092-34-0x0000016F08A20000-0x0000016F08A21000-memory.dmp

Filesize
4KB

Download
memory/2092-36-0x0000016F08A30000-0x0000016F08A31000-memory.dmp

Filesize
4KB

Download
memory/2092-35-0x0000016F08A20000-0x0000016F08A21000-memory.dmp

Filesize
4KB

Download