0023258acd7add128f98f6ca94262da1fa5e270054666137fa489be3e352aa18

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
02/10/2023, 15:27

Target

MPS202210028742916 pdf.exe
Size

22KB
MD5

7f28a176e1659470a15cbcd6b6a2acc4
SHA1

c90b1ac494c2522504749289988b4c78e62951dd
SHA256

0023258acd7add128f98f6ca94262da1fa5e270054666137fa489be3e352aa18
SHA512

fc13448d7953681347d5ed53eba8ba40bc3ad1f598fb5f939264d3d48d797ee562f375967ebe836e53e0207b235ec8b601a69363e11d21b7c124198f5e251b33
SSDEEP

384:CLUED2APL6yRqtxAx+roEOsVK/KO+sB6fT:jRs3RqtGx+roAYP+9L

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1880	MPS202210028742916 pdf.exe

C:\Users\Admin\AppData\Local\Temp\MPS202210028742916 pdf.exe
"C:\Users\Admin\AppData\Local\Temp\MPS202210028742916 pdf.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1880

memory/1880-0-0x0000000001380000-0x000000000138C000-memory.dmp

Filesize
48KB

Download
memory/1880-1-0x000007FEF57A0000-0x000007FEF618C000-memory.dmp

Filesize
9.9MB

Download
memory/1880-2-0x000000001AF30000-0x000000001AFB0000-memory.dmp

Filesize
512KB

Download
memory/1880-3-0x000007FEF57A0000-0x000007FEF618C000-memory.dmp

Filesize
9.9MB

Download
memory/1880-4-0x000000001AF30000-0x000000001AFB0000-memory.dmp

Filesize
512KB

Download