06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231130-en
resource tags

arch:x64arch:x86image:win10v2004-20231130-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2023 15:28

Target

06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6.exe
Size

1.8MB
MD5

209ce9560ce534608415937ddc323a9c
SHA1

942b4c3123ca6bb9ecfc479bfb26a3768d3fc289
SHA256

06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6
SHA512

08272d48625a554fb23c7c1d17e1da8630aeb9757499dd0721d5243e95b8e515147de61184e33731f227d20ece80d7a11e378c6c06d42b8c076d03ff7a6adf0c
SSDEEP

24576:c+NXDnJ3U1BtHrVRtm3Aqa7HYdxTQt7zkpbJ7vDSKuSbksRlv1Munu155JPG:1J3oTLV+3zNQuV74SBRlvx8558

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4368	06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6.exe

C:\Users\Admin\AppData\Local\Temp\06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6.exe
"C:\Users\Admin\AppData\Local\Temp\06b65bd9da2ca1cc93132edf0bc6f055ecd1cd6948140500d987da117358c0f6.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4368

memory/4368-0-0x000001F830C80000-0x000001F830CBE000-memory.dmp

Filesize
248KB

Download
memory/4368-1-0x00007FF6B47E0000-0x00007FF6B4A65000-memory.dmp

Filesize
2.5MB

Download
memory/4368-2-0x00007FF98B1D0000-0x00007FF98BC91000-memory.dmp

Filesize
10.8MB

Download
memory/4368-3-0x000001F830DB0000-0x000001F830DC0000-memory.dmp

Filesize
64KB

Download
memory/4368-5-0x000001F830DB0000-0x000001F830DC0000-memory.dmp

Filesize
64KB

Download
memory/4368-4-0x000001F830DB0000-0x000001F830DC0000-memory.dmp

Filesize
64KB

Download
memory/4368-6-0x000001F830DB0000-0x000001F830DC0000-memory.dmp

Filesize
64KB

Download
memory/4368-7-0x00007FF98B1D0000-0x00007FF98BC91000-memory.dmp

Filesize
10.8MB

Download
memory/4368-8-0x00007FF6B47E0000-0x00007FF6B4A65000-memory.dmp

Filesize
2.5MB

Download