0ae00841ece454c8cd46af06f49be334f7124fff455798a88abef7c8c1417174

Analysis

max time kernel
120s
max time network
140s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 17:14

Target

0ae00841ece454c8cd46af06f49be334f7124fff455798a88abef7c8c1417174.exe
Size

1.3MB
MD5

7978107167a3ff1109f1b650715631c5
SHA1

aafdd97723704d4f00320c83b5765c86c707a9a6
SHA256

0ae00841ece454c8cd46af06f49be334f7124fff455798a88abef7c8c1417174
SHA512

bf3591a0873dbfa2e1cce5128b75f359d2fdfefe8f6c8e8f772416deefa985a4944700b9b78b5373310c54cb0e2b7f3e0c0249773d5847990d17da7b2cefbbd7
SSDEEP

12288:xTP/aK2vB+gXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3b:xLCKAB/sqjnhMgeiCl7G0nehbGZpbD

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2468	0ae00841ece454c8cd46af06f49be334f7124fff455798a88abef7c8c1417174.exe

C:\Users\Admin\AppData\Local\Temp\0ae00841ece454c8cd46af06f49be334f7124fff455798a88abef7c8c1417174.exe
"C:\Users\Admin\AppData\Local\Temp\0ae00841ece454c8cd46af06f49be334f7124fff455798a88abef7c8c1417174.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2468

memory/2468-0-0x0000000000400000-0x00000000005F7000-memory.dmp

Filesize
2.0MB

Download
memory/2468-1-0x00000000002C0000-0x0000000000327000-memory.dmp

Filesize
412KB

Download
memory/2468-6-0x00000000002C0000-0x0000000000327000-memory.dmp

Filesize
412KB

Download
memory/2468-7-0x00000000002C0000-0x0000000000327000-memory.dmp

Filesize
412KB

Download
memory/2468-12-0x0000000000400000-0x00000000005F7000-memory.dmp

Filesize
2.0MB

Download