966b5db07e500a6e3cf6b2053353fbb97ce4288da7b385317123755fd1be306d

Analysis

max time kernel
147s
max time network
148s
platform
windows7_x64
resource
win7-20231130-en
resource tags

arch:x64arch:x86image:win7-20231130-enlocale:en-usos:windows7-x64system
submitted
02-12-2023 07:34

Target

COPIA BONIFICO-2314678 del 30112023_pdf .exe
Size

1019KB
MD5

4d0ebc34ea0cb64d9bba7ec0af2951a4
SHA1

c315635a143e7d524b7dfae4239d219303af3b43
SHA256

e08872d907e4d85eb08e12941a9d2784455b7998055aac1866d79a6028647078
SHA512

29164bc957e299f4ee4a79586a0ff025a99038738387758f06e3980843408c1deff904ca83e9f91b71a887bbaf99e98f26a8d487096691ff57efabc1fc574f54
SSDEEP

24576:BRXxtO5drZN8jo7OKvw4lU+TTjh5IYT4dXFSndFLecp86tdYuO1QRkZzv:Bm3znIQ

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

COPIA BONIFICO-2314678 del 30112023_pdf .exe

description pid process

Token: SeDebugPrivilege 3048 COPIA BONIFICO-2314678 del 30112023_pdf .exe

description	pid	process
Token: SeDebugPrivilege	3048	COPIA BONIFICO-2314678 del 30112023_pdf .exe

C:\Users\Admin\AppData\Local\Temp\COPIA BONIFICO-2314678 del 30112023_pdf .exe
"C:\Users\Admin\AppData\Local\Temp\COPIA BONIFICO-2314678 del 30112023_pdf .exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3048

memory/3048-0-0x0000000001050000-0x0000000001154000-memory.dmp

Filesize
1.0MB

Download
memory/3048-1-0x0000000073FE0000-0x00000000746CE000-memory.dmp

Filesize
6.9MB

Download
memory/3048-2-0x00000000049A0000-0x00000000049E0000-memory.dmp

Filesize
256KB

Download
memory/3048-3-0x0000000073FE0000-0x00000000746CE000-memory.dmp

Filesize
6.9MB

Download
memory/3048-4-0x00000000049A0000-0x00000000049E0000-memory.dmp

Filesize
256KB

Download