d149b9eeb62e45a0f02057880f1aa1b09c50723fca2c83e381d97691612275f2

Analysis

max time kernel
139s
max time network
152s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 20:28 UTC

Target

filesss.exe
Size

36KB
MD5

aac6786ebb74d50c3dc5ebb0fe24705b
SHA1

55d4a8606d03fbb70af535d9682aabcfae64884e
SHA256

68f656515d9b48c60473828132d9b3561f144b307d215a8295574dbfd784931d
SHA512

a0e0d0710ad3b4c701eb6fae46047b7e7d789c704e7960fbcc99115f0e78622fa3227afc71f1b642ff04f65c684ef08981b5456a6ca402677cb68bf25a7b710b
SSDEEP

768:RlXbdUDdawDimEps/0F1cbSLjacjvQp3qkfMjL8B:RlXbqDdLFEps8F6KjpjvwnMEB

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1648	filesss.exe

C:\Users\Admin\AppData\Local\Temp\filesss.exe
"C:\Users\Admin\AppData\Local\Temp\filesss.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1648

memory/1648-0-0x0000000000960000-0x000000000096E000-memory.dmp

Filesize
56KB

Download
memory/1648-1-0x000007FEF5D80000-0x000007FEF676C000-memory.dmp

Filesize
9.9MB

Download
memory/1648-2-0x000000001ABA0000-0x000000001AC20000-memory.dmp

Filesize
512KB

Download
memory/1648-3-0x0000000000910000-0x0000000000916000-memory.dmp

Filesize
24KB

Download
memory/1648-4-0x000007FEF5D80000-0x000007FEF676C000-memory.dmp

Filesize
9.9MB

Download
memory/1648-5-0x000000001ABA0000-0x000000001AC20000-memory.dmp

Filesize
512KB

Download