89ee28accdb2cdb90b558fb49ff858eb471e73072e1ec585d3a5b6d212f82dd2

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
24/11/2023, 08:08

Target

89ee28accdb2cdb90b558fb49ff858eb471e73072e1ec585d3a5b6d212f82dd2.exe
Size

706KB
MD5

031350c4ae5c5b345fc2308405b23954
SHA1

734c5695f90c098099318b105cb12d8a73b0b1ee
SHA256

89ee28accdb2cdb90b558fb49ff858eb471e73072e1ec585d3a5b6d212f82dd2
SHA512

89600bc6004162f462f601ec29e7085e511b505ca9046ddb9f386c45d3fd26aeaa6b5cf9a6fde3287a8005699ad190df879319621e66cc33971341a0b0a48645
SSDEEP

12288:FAiB+tYOe7qA2p2huV8ngoPy22OaXbQY/JaYfjYvT:FAiBT3r2p2gV8ng2P2OaXbQYxj

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2440	89ee28accdb2cdb90b558fb49ff858eb471e73072e1ec585d3a5b6d212f82dd2.exe

C:\Users\Admin\AppData\Local\Temp\89ee28accdb2cdb90b558fb49ff858eb471e73072e1ec585d3a5b6d212f82dd2.exe
"C:\Users\Admin\AppData\Local\Temp\89ee28accdb2cdb90b558fb49ff858eb471e73072e1ec585d3a5b6d212f82dd2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2440

memory/2440-1-0x0000000001D20000-0x0000000001D86000-memory.dmp

Filesize
408KB

Download
memory/2440-0-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2440-4-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2440-8-0x0000000001D20000-0x0000000001D86000-memory.dmp

Filesize
408KB

Download
memory/2440-7-0x0000000001D20000-0x0000000001D86000-memory.dmp

Filesize
408KB

Download
memory/2440-13-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download