4ff5851428bd10bffc8d92c09509817bfe0e46028a09d7765379c6f6660629f5

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2023 03:06

Target

NEAS.586c4e440d2f094ed61e061ea26b1190.exe
Size

23KB
MD5

586c4e440d2f094ed61e061ea26b1190
SHA1

d2fa547557a11ec0a6bb70e61231beb94679f5a8
SHA256

4ff5851428bd10bffc8d92c09509817bfe0e46028a09d7765379c6f6660629f5
SHA512

1b31eda981e455c265e775a2b92c2c64e7b38464250c7d4e8dc2197da471659aac6708184f50cb9809139fddf94efbd25e18eec577e9c266382f4fe51736a2a9
SSDEEP

384:aHoOO9CC3ZFkV//9QG5qGMX6Lu5y80ztjpb4FYkxBkSU+pONA6eTViC9k:aIOhCpu/FT5QX6Lu5IWFYkPkSHT4F

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3780	svchost.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.586c4e440d2f094ed61e061ea26b1190.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.586c4e440d2f094ed61e061ea26b1190.exe"
1⤵
PID:220

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:500

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3780

memory/3780-0-0x000001F0EC8A0000-0x000001F0EC8B0000-memory.dmp

Filesize
64KB

Download
memory/3780-16-0x000001F0EC9A0000-0x000001F0EC9B0000-memory.dmp

Filesize
64KB

Download
memory/3780-32-0x000001F0F4D10000-0x000001F0F4D11000-memory.dmp

Filesize
4KB

Download
memory/3780-34-0x000001F0F4D40000-0x000001F0F4D41000-memory.dmp

Filesize
4KB

Download
memory/3780-35-0x000001F0F4D40000-0x000001F0F4D41000-memory.dmp

Filesize
4KB

Download
memory/3780-36-0x000001F0F4E50000-0x000001F0F4E51000-memory.dmp

Filesize
4KB

Download