9790099d7097d4441cfdd15304423e102bcf3d2a1c059df9a5f61ccdf001a921

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2023 01:43

Target

$77-Example.exe
Size

47KB
MD5

4d766b499721c02eeeb1fd579b84324b
SHA1

fba43b613d5690d016d0f3e211a8369ee944f129
SHA256

9790099d7097d4441cfdd15304423e102bcf3d2a1c059df9a5f61ccdf001a921
SHA512

f8b0d1ad5dce85bf44e73c0384a6da0529cb48cd9e5f2884c911802a11ec8872c5bb233c416aa62ff81c57757f0e4d4d2e88190c2a7e7703a7df985b7589ff46
SSDEEP

768:yFH8Bd9tqyt4m52qJWXcm4ouy78Lw8Vd9OPyt4m52FJWXcm4oR:yh87Dqe49JDuy78Lw8nkPe49WDR

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3928	$77-Example.exe

C:\Users\Admin\AppData\Local\Temp\$77-Example.exe
"C:\Users\Admin\AppData\Local\Temp\$77-Example.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3928

memory/3928-0-0x000001FD2D2A0000-0x000001FD2D2B2000-memory.dmp

Filesize
72KB

Download
memory/3928-1-0x00007FFB01920000-0x00007FFB023E1000-memory.dmp

Filesize
10.8MB

Download
memory/3928-2-0x000001FD2F040000-0x000001FD2F050000-memory.dmp

Filesize
64KB

Download
memory/3928-3-0x000001FD2D690000-0x000001FD2D698000-memory.dmp

Filesize
32KB

Download
memory/3928-5-0x000001FD2EFC0000-0x000001FD2EFCE000-memory.dmp

Filesize
56KB

Download
memory/3928-4-0x000001FD2F100000-0x000001FD2F138000-memory.dmp

Filesize
224KB

Download
memory/3928-6-0x000001FD2F040000-0x000001FD2F050000-memory.dmp

Filesize
64KB

Download
memory/3928-7-0x00007FFB01920000-0x00007FFB023E1000-memory.dmp

Filesize
10.8MB

Download