f15c69823a60162af9d6ba8c9fd851912e4ddfae19658aa65f4d731bde90917e

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
15/10/2023, 19:51

Target

cea7e2067db07b510e254551a8964a10_exe64.exe
Size

2.0MB
MD5

cea7e2067db07b510e254551a8964a10
SHA1

d2b4d1b051fe1a1886dda8efabd58a6333088152
SHA256

f15c69823a60162af9d6ba8c9fd851912e4ddfae19658aa65f4d731bde90917e
SHA512

e7406dbf878d89f0a76a2c253ef60db5e04ac616cb1ecb89e2d10a9b5ace5bb07c33b479cd5c89d0acc09c39ac6ca08739d7381d5a7f19ed7cf7595dc1e20751
SSDEEP

49152:SLbYI4I0bVKBUhx8CRSrzQ8vbeKgSRpXxmDYeQeaUx7qE7YPRVlbnXf9gPTTW7H/:iYZkBU6ZvCK/phm8eQN8cRVlbnP9WXWz

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3004	cea7e2067db07b510e254551a8964a10_exe64.exe

C:\Users\Admin\AppData\Local\Temp\cea7e2067db07b510e254551a8964a10_exe64.exe
"C:\Users\Admin\AppData\Local\Temp\cea7e2067db07b510e254551a8964a10_exe64.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3004

memory/3004-0-0x0000000001B70000-0x0000000001BD0000-memory.dmp

Filesize
384KB

Download
memory/3004-2-0x0000000100000000-0x0000000100202000-memory.dmp

Filesize
2.0MB

Download
memory/3004-8-0x0000000001B70000-0x0000000001BD0000-memory.dmp

Filesize
384KB

Download
memory/3004-7-0x0000000001B70000-0x0000000001BD0000-memory.dmp

Filesize
384KB

Download
memory/3004-10-0x0000000001B70000-0x0000000001BD0000-memory.dmp

Filesize
384KB

Download
memory/3004-12-0x0000000100000000-0x0000000100202000-memory.dmp

Filesize
2.0MB

Download