cd6dd2492e3c7c5ada87c4e0f4d75495fe8e2496d87f2abdda68012cb055a445

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
03-11-2023 18:50

Target

cd6dd2492e3c7c5ada87c4e0f4d75495fe8e2496d87f2abdda68012cb055a445.exe
Size

653KB
MD5

4897a9da53231c71c2e4abb0ac485a00
SHA1

0934a963c0dd19d297b1f88bc45ecf1115a6482f
SHA256

cd6dd2492e3c7c5ada87c4e0f4d75495fe8e2496d87f2abdda68012cb055a445
SHA512

c45492ab444df6c988daf14a5674149e487790dff1bec6e5fcacc3b6a0372cf33306b8a89fd61b6b21424c7ceb049e552179751f5114b9e535fc2439a7a2af63
SSDEEP

12288:OULCW3dqS9hOASLdTQO8zJl/guKLQFuW2qFwuODrdT5wgTJvFv5moa:X3N94AMdTEvcQFuOjOP95Xdt5c

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3040	cd6dd2492e3c7c5ada87c4e0f4d75495fe8e2496d87f2abdda68012cb055a445.exe

C:\Users\Admin\AppData\Local\Temp\cd6dd2492e3c7c5ada87c4e0f4d75495fe8e2496d87f2abdda68012cb055a445.exe
"C:\Users\Admin\AppData\Local\Temp\cd6dd2492e3c7c5ada87c4e0f4d75495fe8e2496d87f2abdda68012cb055a445.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3040

memory/3040-0-0x0000000140000000-0x00000001400A8000-memory.dmp

Filesize
672KB

Download
memory/3040-1-0x00000000004D0000-0x0000000000530000-memory.dmp

Filesize
384KB

Download
memory/3040-8-0x00000000004D0000-0x0000000000530000-memory.dmp

Filesize
384KB

Download
memory/3040-7-0x00000000004D0000-0x0000000000530000-memory.dmp

Filesize
384KB

Download
memory/3040-10-0x00000000004D0000-0x0000000000530000-memory.dmp

Filesize
384KB

Download
memory/3040-12-0x0000000140000000-0x00000001400A8000-memory.dmp

Filesize
672KB

Download