fae4da260f86065982bddc44d2b03b4698c038917afa9bc22636787cf08d5ff3

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2023, 12:23

Target

fae4da260f86065982bddc44d2b03b4698c038917afa9bc22636787cf08d5ff3.exe
Size

10KB
MD5

25f0c5aaf97834ce863e7c190de9ac8b
SHA1

b69fc3a548bfaebe2b0c40d80d7a40e9025b43d2
SHA256

fae4da260f86065982bddc44d2b03b4698c038917afa9bc22636787cf08d5ff3
SHA512

20020615c9e6f732d5d469924e4969b2524d08d59807bd6c4047b096f5be143c6887a4ba829330d8433d6a55e051ada59a9d40e934ffd4516be4635e5c5c7026
SSDEEP

96:BmJ0IFh4q1z+qcZ/ECcfUJ09PMcDzfG9fASnrNRy7Zfypt884f/tPM3O:0J0IgR9ECK3D7G9fAWnyNet884ntPaO

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	548	svchost.exe

C:\Users\Admin\AppData\Local\Temp\fae4da260f86065982bddc44d2b03b4698c038917afa9bc22636787cf08d5ff3.exe
"C:\Users\Admin\AppData\Local\Temp\fae4da260f86065982bddc44d2b03b4698c038917afa9bc22636787cf08d5ff3.exe"
1⤵
PID:1548

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1364

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:548

memory/548-0-0x0000020291640000-0x0000020291650000-memory.dmp

Filesize
64KB

Download
memory/548-16-0x0000020291740000-0x0000020291750000-memory.dmp

Filesize
64KB

Download
memory/548-32-0x0000020299A70000-0x0000020299A71000-memory.dmp

Filesize
4KB

Download
memory/548-34-0x0000020299AA0000-0x0000020299AA1000-memory.dmp

Filesize
4KB

Download
memory/548-35-0x0000020299AA0000-0x0000020299AA1000-memory.dmp

Filesize
4KB

Download
memory/548-36-0x0000020299BB0000-0x0000020299BB1000-memory.dmp

Filesize
4KB

Download