b73234fec5a6cbf5e739a75ce9aa9674f11dd409a81c740f009e1bf18c767c94

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
03/10/2023, 13:17

Target

DOCUMENT.exe
Size

315KB
MD5

eda40702144ec2355291dccda48b7a38
SHA1

36a59628463f556c08a803968f1fbcf8bf88f80f
SHA256

b73234fec5a6cbf5e739a75ce9aa9674f11dd409a81c740f009e1bf18c767c94
SHA512

69ed226fb392ab08ad45d2d5ef06ba315f065e54d51c7e87a9b5a1b0e5f17083de6b210f03e96cc7d7c80c7b807964c17fd328c2f476e4421763fe8cf1a6d21d
SSDEEP

6144:PwgrUc9Zr8Ed+ioFyk9d46t2wICZZWrZyRbtU1TML5qXCTiKSK:jUcoi+pFyk9d482w1tU5M1eYlS

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1324	DOCUMENT.exe

C:\Users\Admin\AppData\Local\Temp\DOCUMENT.exe
"C:\Users\Admin\AppData\Local\Temp\DOCUMENT.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1324

memory/1324-0-0x0000000001300000-0x0000000001356000-memory.dmp

Filesize
344KB

Download
memory/1324-1-0x00000000740A0000-0x000000007478E000-memory.dmp

Filesize
6.9MB

Download
memory/1324-2-0x0000000001280000-0x00000000012C0000-memory.dmp

Filesize
256KB

Download
memory/1324-3-0x00000000003C0000-0x00000000003CA000-memory.dmp

Filesize
40KB

Download
memory/1324-4-0x00000000740A0000-0x000000007478E000-memory.dmp

Filesize
6.9MB

Download
memory/1324-5-0x0000000001280000-0x00000000012C0000-memory.dmp

Filesize
256KB

Download