d4d9b21d6a5b6fb409dcf156b8ea291d8390c741ec031efa12f9830abed22217

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
02/11/2023, 08:32

Target

NEAS.b585718f7b61429323f4a0373d7aa080.exe
Size

799KB
MD5

b585718f7b61429323f4a0373d7aa080
SHA1

a23568bcfa0e51491043c42d1d7c75406ef3a3ff
SHA256

d4d9b21d6a5b6fb409dcf156b8ea291d8390c741ec031efa12f9830abed22217
SHA512

d88ff533c932da7b7026eb9fe2aa9cecea9481c50537af7ca5192774e9795ab74dd8174e1686e3c20ade3a29c6f5b2cb58b0cae963ceb32acf1f4767d3245660
SSDEEP

12288:9zt6WOtxAiWUBL8252uui8FbECP7BhdfswdJ0NXdU8ZWH7DEP1rCJ7U3Z:9zCtx9Wt2rR8FfBhRJUEbDk1ulUJ

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2632	NEAS.b585718f7b61429323f4a0373d7aa080.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.b585718f7b61429323f4a0373d7aa080.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b585718f7b61429323f4a0373d7aa080.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2632

memory/2632-0-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download
memory/2632-1-0x0000000000230000-0x0000000000296000-memory.dmp

Filesize
408KB

Download
memory/2632-6-0x0000000000230000-0x0000000000296000-memory.dmp

Filesize
408KB

Download
memory/2632-7-0x0000000000230000-0x0000000000296000-memory.dmp

Filesize
408KB

Download
memory/2632-11-0x0000000000400000-0x00000000004D0000-memory.dmp

Filesize
832KB

Download