e8582220f161aef10bcba30369f4d9a3f2a53024b9cd4a5f9f9fecfb98ba8be2

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 20:47

Target

WindowBlinds/wbinstall32.exe
Size

97KB
MD5

f96d39caa6b1db84d2879a8349183c23
SHA1

d84ed7353e19936ab4e3ed015baba8e2e79bb10e
SHA256

7260ca00ce6a7f8051968ad34051927339422f4c7fd77454ad35aa165f61ef72
SHA512

19274dd0b3776e82a76504daf327e084d8bc990da247b3d2b576e1a5868ee0256546ece8b711fef3c8cee636f08e54d2230666a1c5f2d35ad2bed5658cdb5623
SSDEEP

768:Z8qi7LkxK8zBeN/g+XPj/6XGYSF9hkmeYbzkPCG5aZU9qZU9en1HiLo:Z8qi7IxKuAR5XmXGYSFHk7Y8d5aprnIE

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1244	wbinstall32.exe
Token: SeIncBasePriorityPrivilege	1244	wbinstall32.exe

C:\Users\Admin\AppData\Local\Temp\WindowBlinds\wbinstall32.exe
"C:\Users\Admin\AppData\Local\Temp\WindowBlinds\wbinstall32.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1244