433b84eb675f80cea851007e07f1ab8d32d03ca727aeaa34569458b0ba926c2c

Analysis

max time kernel
120s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 17:27

Target

08820be4f77a03c85804ee3e05e1fe3b.exe
Size

464KB
MD5

08820be4f77a03c85804ee3e05e1fe3b
SHA1

6b3565d679e44861e32aa0f1482c2e97de0b482c
SHA256

433b84eb675f80cea851007e07f1ab8d32d03ca727aeaa34569458b0ba926c2c
SHA512

0d61ab5a5236aebcc2dd5bcbaf31dec22d08b9e00b0c03b2501f537518f1ce6cb62ba523b8556cd9ef417beb45705c92179d426c22a8631c90ba3f38d04427cc
SSDEEP

6144:wi/B5vFSRtkCzzaM0VmwzTSMNUxXIsRWPFHF/1Be0tGQxf3Rb9dSNGt7HEi:t//mTvKnCMpFdtGQzAIb

Score

1^/10

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\WOW6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}	Process not Found
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}\ = "2963117e-e040-4232-b47b-e94ae623f5c6"	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1480	Process not Found

C:\Users\Admin\AppData\Local\Temp\08820be4f77a03c85804ee3e05e1fe3b.exe
"C:\Users\Admin\AppData\Local\Temp\08820be4f77a03c85804ee3e05e1fe3b.exe"
1⤵
PID:1480

memory/1480-0-0x0000000074770000-0x0000000074D21000-memory.dmp

Filesize
5.7MB

Download
memory/1480-2-0x0000000000CD0000-0x0000000000CE0000-memory.dmp

Filesize
64KB

Download
memory/1480-1-0x0000000074770000-0x0000000074D21000-memory.dmp

Filesize
5.7MB

Download
memory/1480-7-0x0000000074770000-0x0000000074D21000-memory.dmp

Filesize
5.7MB

Download