60154e36818e9c1005d214c3e03f461dae4931d4aa9540821d417619602fe89a

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2023, 13:58

Target

c7a270565e691571199b35a704391e1500ffcac35dcc688cfa29fd1f7baba0f7.exe
Size

652KB
MD5

fa148b98c2276fbb519987ea3c415939
SHA1

18f4128e7e17097e2abc10a29eba879858ba8b70
SHA256

c7a270565e691571199b35a704391e1500ffcac35dcc688cfa29fd1f7baba0f7
SHA512

bd8651d3ef0370a7abf0c352b184bf80f4da22dcf3469c1e5996000cc0ebdf46f9e40835f283bebe30c5804b96365004516613c91b63861f58d436d3d8d990b0
SSDEEP

12288:Xjp5bu9TlLfUTdwq1A0WHrP76jI+FuXCAbwXb4ieGig1h:XjvbuhZUTdMLDfP/bwRig1

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3668	c7a270565e691571199b35a704391e1500ffcac35dcc688cfa29fd1f7baba0f7.exe

C:\Users\Admin\AppData\Local\Temp\c7a270565e691571199b35a704391e1500ffcac35dcc688cfa29fd1f7baba0f7.exe
"C:\Users\Admin\AppData\Local\Temp\c7a270565e691571199b35a704391e1500ffcac35dcc688cfa29fd1f7baba0f7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3668

memory/3668-0-0x000001AB4FAD0000-0x000001AB4FB7A000-memory.dmp

Filesize
680KB

Download
memory/3668-1-0x000001AB6A010000-0x000001AB6A0C0000-memory.dmp

Filesize
704KB

Download
memory/3668-2-0x00007FFC624F0000-0x00007FFC62FB1000-memory.dmp

Filesize
10.8MB

Download
memory/3668-3-0x000001AB4FF60000-0x000001AB4FF70000-memory.dmp

Filesize
64KB

Download
memory/3668-4-0x00007FFC624F0000-0x00007FFC62FB1000-memory.dmp

Filesize
10.8MB

Download
memory/3668-5-0x000001AB4FF60000-0x000001AB4FF70000-memory.dmp

Filesize
64KB

Download