f9a2f3117b0ae03b696dbc698aba5aaab2da20c0778c3673e664335ec5384c1d

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 05:09

Target

06e87b1ee205620f9a8ed2081ecb07fd.exe
Size

9KB
MD5

06e87b1ee205620f9a8ed2081ecb07fd
SHA1

3aed79848f3d53738f2b14e754cb1300bd8b6ac3
SHA256

f9a2f3117b0ae03b696dbc698aba5aaab2da20c0778c3673e664335ec5384c1d
SHA512

bdefaf311a709a152016e10fd6724ec84cfef169dea62fb1a0f2c97bb9f52d870ae9aef0855ef6812478e924b1b61a0ca59a997ac792dfed0c37b284dcb912ac
SSDEEP

192:qBksuPEXVwVXZeMZZ3y93VnjdwCzm3TgXt:6VwBZeMGFnhwC6jQ

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1552	06e87b1ee205620f9a8ed2081ecb07fd.exe

C:\Users\Admin\AppData\Local\Temp\06e87b1ee205620f9a8ed2081ecb07fd.exe
"C:\Users\Admin\AppData\Local\Temp\06e87b1ee205620f9a8ed2081ecb07fd.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1552

memory/1552-0-0x00000000008F0000-0x00000000008F8000-memory.dmp

Filesize
32KB

Download
memory/1552-1-0x00007FFCCFD00000-0x00007FFCD07C1000-memory.dmp

Filesize
10.8MB

Download
memory/1552-2-0x0000000002AB0000-0x0000000002AC2000-memory.dmp

Filesize
72KB

Download
memory/1552-3-0x000000001B410000-0x000000001B44C000-memory.dmp

Filesize
240KB

Download
memory/1552-4-0x000000001B6B0000-0x000000001B6C0000-memory.dmp

Filesize
64KB

Download
memory/1552-5-0x000000001B7C0000-0x000000001B8C2000-memory.dmp

Filesize
1.0MB

Download
memory/1552-7-0x00007FFCCFD00000-0x00007FFCD07C1000-memory.dmp

Filesize
10.8MB

Download
memory/1552-8-0x000000001B6B0000-0x000000001B6C0000-memory.dmp

Filesize
64KB

Download
memory/1552-14-0x00007FFCCFD00000-0x00007FFCD07C1000-memory.dmp

Filesize
10.8MB

Download