a2cd4272bc5085927aa3a532d849804bd609c252beaf76d3d0e6d9a1e4e0144b

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
25/11/2023, 21:40

Target

a2cd4272bc5085927aa3a532d849804bd609c252beaf76d3d0e6d9a1e4e0144bexe.exe
Size

1.1MB
MD5

dadafd0e9cf90e6ec7244b1ed2a11eca
SHA1

98436daf69c89d07f4ab4bd2cdde6b5691d1b075
SHA256

a2cd4272bc5085927aa3a532d849804bd609c252beaf76d3d0e6d9a1e4e0144b
SHA512

1d11cecedaf74c6098791ee986733fb83ecf8739f3698373e2ff6ec0a38e92498bacaf98542feeebe246ff62d119bdd2fcc3ab3f951402cd9b770a9866f807f8
SSDEEP

24576:fmfmE0bk3oLIK2RjfjKZEZlUlPs5pDX1cZ:fmfmE0bk3oLIK2Rj4EwPb

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1164	a2cd4272bc5085927aa3a532d849804bd609c252beaf76d3d0e6d9a1e4e0144bexe.exe

C:\Users\Admin\AppData\Local\Temp\a2cd4272bc5085927aa3a532d849804bd609c252beaf76d3d0e6d9a1e4e0144bexe.exe
"C:\Users\Admin\AppData\Local\Temp\a2cd4272bc5085927aa3a532d849804bd609c252beaf76d3d0e6d9a1e4e0144bexe.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1164

memory/1164-0-0x0000000000930000-0x0000000000A48000-memory.dmp

Filesize
1.1MB

Download
memory/1164-1-0x000007FEF5A00000-0x000007FEF63EC000-memory.dmp

Filesize
9.9MB

Download
memory/1164-2-0x000000001B2A0000-0x000000001B320000-memory.dmp

Filesize
512KB

Download
memory/1164-3-0x000007FEF5A00000-0x000007FEF63EC000-memory.dmp

Filesize
9.9MB

Download
memory/1164-4-0x000000001B2A0000-0x000000001B320000-memory.dmp

Filesize
512KB

Download