f6826bf05edb8fd89e91df4e521b5950bc6d63ec08c62bb256ff269a19a0aa41

Analysis

max time kernel
118s
max time network
142s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
07/10/2023, 12:09

Target

f6826bf05edb8fd89e91df4e521b5950bc6d63ec08c62bb256ff269a19a0aa41.exe
Size

1.5MB
MD5

753799b5e1464ed8c4ce0cbe2d81e010
SHA1

4511cd11ebe72cfa473bd9a51418e6ece114ee2e
SHA256

f6826bf05edb8fd89e91df4e521b5950bc6d63ec08c62bb256ff269a19a0aa41
SHA512

aad5cc5986a170640de03e94469b74241b9f07f81ffefbbce86f7392e41ab5cba827042d00d0061657526116e63cd7aa81b5be1c748d7cf686678ed1965e3895
SSDEEP

24576:nNu9eVeeV0sqjnhMgeiCl7G0nehbGZpbD:NuUr2Dmg27RnWGj

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2736	f6826bf05edb8fd89e91df4e521b5950bc6d63ec08c62bb256ff269a19a0aa41.exe

C:\Users\Admin\AppData\Local\Temp\f6826bf05edb8fd89e91df4e521b5950bc6d63ec08c62bb256ff269a19a0aa41.exe
"C:\Users\Admin\AppData\Local\Temp\f6826bf05edb8fd89e91df4e521b5950bc6d63ec08c62bb256ff269a19a0aa41.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2736

memory/2736-0-0x0000000140000000-0x0000000140222000-memory.dmp

Filesize
2.1MB

Download
memory/2736-1-0x00000000001E0000-0x0000000000240000-memory.dmp

Filesize
384KB

Download
memory/2736-7-0x00000000001E0000-0x0000000000240000-memory.dmp

Filesize
384KB

Download
memory/2736-8-0x00000000001E0000-0x0000000000240000-memory.dmp

Filesize
384KB

Download
memory/2736-11-0x00000000001E0000-0x0000000000240000-memory.dmp

Filesize
384KB

Download
memory/2736-13-0x0000000140000000-0x0000000140222000-memory.dmp

Filesize
2.1MB

Download