14a10ef4f604c227bfa74bae7dd4b0ea95e27f0d1711080cd31efe6ab1141e95

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
07-10-2023 00:47

Target

14a10ef4f604c227bfa74bae7dd4b0ea95e27f0d1711080cd31efe6ab1141e95.exe
Size

315KB
MD5

999d17f66b6e237453ad899d94fb6998
SHA1

fec99ee5b5e7d1e1f13ee69208292921a843a0bd
SHA256

14a10ef4f604c227bfa74bae7dd4b0ea95e27f0d1711080cd31efe6ab1141e95
SHA512

ba8e66801fcf49e6e5bcd74b03760f35d13060fee0c1e66daa8117976f8ae6e995acfc9208c44679425ba06b1d9bce86fb22d7ec867cc71ab7cf291cd811d99b
SSDEEP

6144:UD0AJsZbY+kdRpmXmfFgjYEIyv49iVt//Vzo+F0w3qmsTcKSK:K0AJ1+8RpmXmfFgjYEIyv49KnB5fiLS

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

14a10ef4f604c227bfa74bae7dd4b0ea95e27f0d1711080cd31efe6ab1141e95.exe

description pid process

Token: SeDebugPrivilege 2468 14a10ef4f604c227bfa74bae7dd4b0ea95e27f0d1711080cd31efe6ab1141e95.exe

description	pid	process
Token: SeDebugPrivilege	2468	14a10ef4f604c227bfa74bae7dd4b0ea95e27f0d1711080cd31efe6ab1141e95.exe

C:\Users\Admin\AppData\Local\Temp\14a10ef4f604c227bfa74bae7dd4b0ea95e27f0d1711080cd31efe6ab1141e95.exe
"C:\Users\Admin\AppData\Local\Temp\14a10ef4f604c227bfa74bae7dd4b0ea95e27f0d1711080cd31efe6ab1141e95.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2468

memory/2468-0-0x0000000001300000-0x0000000001356000-memory.dmp

Filesize
344KB

Download
memory/2468-1-0x00000000748F0000-0x0000000074FDE000-memory.dmp

Filesize
6.9MB

Download
memory/2468-2-0x0000000001200000-0x0000000001240000-memory.dmp

Filesize
256KB

Download
memory/2468-3-0x0000000000440000-0x000000000044A000-memory.dmp

Filesize
40KB

Download
memory/2468-4-0x00000000748F0000-0x0000000074FDE000-memory.dmp

Filesize
6.9MB

Download
memory/2468-5-0x0000000001200000-0x0000000001240000-memory.dmp

Filesize
256KB

Download