5ff52528edb177069cf3b49cd06fe830e35c47c8502171386000b409568eb88c

Analysis

max time kernel
150s
max time network
150s
platform
windows7_x64
resource
win7-20231201-en
resource tags

arch:x64arch:x86image:win7-20231201-enlocale:en-usos:windows7-x64system
submitted
02-12-2023 02:20

Target

5ff52528edb177069cf3b49cd06fe830e35c47c8502171386000b409568eb88c.exe
Size

798KB
MD5

e9fff14d4d3ad674aed143d35c55fe4c
SHA1

6c3272aa15ccda586dfa6ab8330f186215f84f74
SHA256

5ff52528edb177069cf3b49cd06fe830e35c47c8502171386000b409568eb88c
SHA512

a825ecbed0a1e06800f1f7b7c3a7e073d0ea4b17fb3dcf1397c62e287684d0ec2153548eabe27f9c9e80bdf33d65da3b91a81d597c183473e8e1b513fe097944
SSDEEP

12288:r84A5IfMos5osLAwY9pPv+qZkjIr2DceJ9GQ0eV2nwu:r84A5IfMos5osLAwPUc82t5Unw

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

5ff52528edb177069cf3b49cd06fe830e35c47c8502171386000b409568eb88c.exe

description pid process

Token: SeDebugPrivilege 3056 5ff52528edb177069cf3b49cd06fe830e35c47c8502171386000b409568eb88c.exe

description	pid	process
Token: SeDebugPrivilege	3056	5ff52528edb177069cf3b49cd06fe830e35c47c8502171386000b409568eb88c.exe

C:\Users\Admin\AppData\Local\Temp\5ff52528edb177069cf3b49cd06fe830e35c47c8502171386000b409568eb88c.exe
"C:\Users\Admin\AppData\Local\Temp\5ff52528edb177069cf3b49cd06fe830e35c47c8502171386000b409568eb88c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3056

memory/3056-0-0x00000000009D0000-0x0000000000A9E000-memory.dmp

Filesize
824KB

Download
memory/3056-1-0x0000000074630000-0x0000000074D1E000-memory.dmp

Filesize
6.9MB

Download
memory/3056-2-0x0000000004900000-0x0000000004940000-memory.dmp

Filesize
256KB

Download
memory/3056-3-0x0000000000340000-0x000000000034A000-memory.dmp

Filesize
40KB

Download
memory/3056-4-0x0000000074630000-0x0000000074D1E000-memory.dmp

Filesize
6.9MB

Download
memory/3056-5-0x0000000004900000-0x0000000004940000-memory.dmp

Filesize
256KB

Download