9d93e4aad3650b56a2c27d5a03c091e5ecb052f1bdb2384582564f59d36244c3

Analysis

max time kernel
144s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 12:20

Target

8ba0ace4df2b83b7f4ec15b3539c2caa.exe
Size

9KB
MD5

8ba0ace4df2b83b7f4ec15b3539c2caa
SHA1

f32e9d216c3dd034eb8a86b424d435399007735d
SHA256

9d93e4aad3650b56a2c27d5a03c091e5ecb052f1bdb2384582564f59d36244c3
SHA512

701e1d90791974d79ec5ffb8ebd7723f8fb23cce38580621f14be41e95a8d08cadf331b49c140604c6bbc6c078edf67d37b84013714fbd7b42da402622ca2ad6
SSDEEP

192:GBksuPEXVwVuIeMZZ39D93VnjdwCzD3f9DF:mVwEIeMTFnhwCvP9

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3908	8ba0ace4df2b83b7f4ec15b3539c2caa.exe

C:\Users\Admin\AppData\Local\Temp\8ba0ace4df2b83b7f4ec15b3539c2caa.exe
"C:\Users\Admin\AppData\Local\Temp\8ba0ace4df2b83b7f4ec15b3539c2caa.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3908

memory/3908-0-0x0000000000810000-0x0000000000818000-memory.dmp

Filesize
32KB

Download
memory/3908-2-0x00007FF9CC120000-0x00007FF9CCBE1000-memory.dmp

Filesize
10.8MB

Download
memory/3908-1-0x0000000002890000-0x00000000028A2000-memory.dmp

Filesize
72KB

Download
memory/3908-3-0x00000000028F0000-0x000000000292C000-memory.dmp

Filesize
240KB

Download
memory/3908-4-0x000000001B730000-0x000000001B740000-memory.dmp

Filesize
64KB

Download
memory/3908-5-0x00007FF9CC120000-0x00007FF9CCBE1000-memory.dmp

Filesize
10.8MB

Download
memory/3908-6-0x00007FF9CC120000-0x00007FF9CCBE1000-memory.dmp

Filesize
10.8MB

Download