ffb44a5388958cda3be00af5170e3fa51c5bc59e7b6ea659836417a17594d18c

Analysis

max time kernel
138s
max time network
183s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 02:17

Target

IqXYLXKzl6.exe
Size

17KB
MD5

076569d51c616ec2446a2e6b85205764
SHA1

e66ed4fd01550e7fef7fe4b6b4d57aaaf1109c11
SHA256

754794ccb5c349adb0551759cc1cd6add14616a50b5b3ffe1b4c0d133d13f300
SHA512

cb11acacb7c5d73b84e01fe54d7c2b1ccba60c76b1c0aa5561d7482e598716f9228ef21690a85fcdf797c181cc44d6bcc7f0734d357bdac1b14d7ebc2e24162a
SSDEEP

384:GWeOtTbX4sJStS77uBLbt+B6a2CaneFrmbSEM1+TAVDxfEHufIJzJf:HetAidANFAA36uwJzJf

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2068	IqXYLXKzl6.exe

C:\Users\Admin\AppData\Local\Temp\IqXYLXKzl6.exe
"C:\Users\Admin\AppData\Local\Temp\IqXYLXKzl6.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2068

memory/2068-0-0x000001533B920000-0x000001533B928000-memory.dmp

Filesize
32KB

Download
memory/2068-1-0x0000015356470000-0x0000015356998000-memory.dmp

Filesize
5.2MB

Download
memory/2068-2-0x00007FFB7B550000-0x00007FFB7C011000-memory.dmp

Filesize
10.8MB

Download
memory/2068-3-0x000001533D610000-0x000001533D620000-memory.dmp

Filesize
64KB

Download
memory/2068-4-0x00007FFB7B550000-0x00007FFB7C011000-memory.dmp

Filesize
10.8MB

Download