66ac205d7b9a649bfa7b8606be0c44756b405e365113c1f17f31981d8a62ec2f

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 20:01

Target

0f7c2e6ea50956308e212160f5824bf0.exe
Size

9KB
MD5

0f7c2e6ea50956308e212160f5824bf0
SHA1

ea9e48abc35b552436661cd19009b41a0bc9882f
SHA256

66ac205d7b9a649bfa7b8606be0c44756b405e365113c1f17f31981d8a62ec2f
SHA512

316fcc11848597eb0f08d39e90d92b49d95017d9769e361888361004a9969f0cd71cf19804de58d998f0d39c399e661a3f4d26041656af600854654034549158
SSDEEP

192:qBksu7rN3y+XpeMZZ3k93VnjdwCzDR3QycJU/b:RZhpeMAFnhwCBAycJU/

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1136	0f7c2e6ea50956308e212160f5824bf0.exe

C:\Users\Admin\AppData\Local\Temp\0f7c2e6ea50956308e212160f5824bf0.exe
"C:\Users\Admin\AppData\Local\Temp\0f7c2e6ea50956308e212160f5824bf0.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1136

memory/1136-0-0x00000000007F0000-0x00000000007F8000-memory.dmp

Filesize
32KB

Download
memory/1136-1-0x00007FFE7D750000-0x00007FFE7E211000-memory.dmp

Filesize
10.8MB

Download
memory/1136-2-0x0000000002980000-0x0000000002992000-memory.dmp

Filesize
72KB

Download
memory/1136-3-0x000000001B2C0000-0x000000001B2FC000-memory.dmp

Filesize
240KB

Download
memory/1136-4-0x000000001B5D0000-0x000000001B5E0000-memory.dmp

Filesize
64KB

Download
memory/1136-5-0x00007FFE7D750000-0x00007FFE7E211000-memory.dmp

Filesize
10.8MB

Download
memory/1136-6-0x00007FFE7D750000-0x00007FFE7E211000-memory.dmp

Filesize
10.8MB

Download