08f6f98560d7c79ebe346d8c0664270301b6bc8d8b0eb78f30cb1efbde422257

Analysis

max time kernel
103s
max time network
50s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 22:53

Target

08f6f98560d7c79ebe346d8c0664270301b6bc8d8b0eb78f30cb1efbde422257_JC.exe
Size

3.2MB
MD5

927783a38772fd607fb4dfbf34dceaf3
SHA1

ec0943dc121d4e0526f47c048cd7de4e531bde9c
SHA256

08f6f98560d7c79ebe346d8c0664270301b6bc8d8b0eb78f30cb1efbde422257
SHA512

f3110f91d2ed20356f73dd8ed5f26d6411e7fddea1b69e14a38e462cc0300547751e84f2c9baf0066afede9831209032e1989a988b26089204d7d8e238effae2
SSDEEP

49152:+rrM8ykrJLTarx7otjag3oSPV71Unco9U+ED45aU8QrMmI/KP5zXbYhU/Krq1Ze0:+mcWWYTa96txQxuT66hyYTBDLL

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2932	08f6f98560d7c79ebe346d8c0664270301b6bc8d8b0eb78f30cb1efbde422257_JC.exe

C:\Users\Admin\AppData\Local\Temp\08f6f98560d7c79ebe346d8c0664270301b6bc8d8b0eb78f30cb1efbde422257_JC.exe
"C:\Users\Admin\AppData\Local\Temp\08f6f98560d7c79ebe346d8c0664270301b6bc8d8b0eb78f30cb1efbde422257_JC.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2932

memory/2932-0-0x0000000000300000-0x0000000000630000-memory.dmp

Filesize
3.2MB

Download
memory/2932-1-0x000007FEF51D0000-0x000007FEF5BBC000-memory.dmp

Filesize
9.9MB

Download
memory/2932-2-0x000000001C2E0000-0x000000001C360000-memory.dmp

Filesize
512KB

Download
memory/2932-4-0x000007FEF51D0000-0x000007FEF5BBC000-memory.dmp

Filesize
9.9MB

Download
memory/2932-5-0x000000001C2E0000-0x000000001C360000-memory.dmp

Filesize
512KB

Download