f0df6b1ad229161fa73e1b1eb94c0a631a39556985dcc589ad413ade33c509df

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 17:50

Target

323727596e0eae71e281a009666d97b3.exe
Size

9KB
MD5

323727596e0eae71e281a009666d97b3
SHA1

9ef9eaa5a43382166ba852bf31c37eb265964080
SHA256

f0df6b1ad229161fa73e1b1eb94c0a631a39556985dcc589ad413ade33c509df
SHA512

a3c2255c70200d2de81e04e5b4bcb15d401756215411a5ae65549f685ce2cc16c96b0297c1535e9d2e0f2ede1870b1089e7b0f895c195463116e38d41fbb7a95
SSDEEP

192:TBksu7zHNQSNeMZZ3793Vnjdwqzu3WVfHViyHB:sHZNeMFFnhwq6mVfHViyH

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3176	323727596e0eae71e281a009666d97b3.exe

C:\Users\Admin\AppData\Local\Temp\323727596e0eae71e281a009666d97b3.exe
"C:\Users\Admin\AppData\Local\Temp\323727596e0eae71e281a009666d97b3.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3176

memory/3176-0-0x00000000001D0000-0x00000000001D8000-memory.dmp

Filesize
32KB

Download
memory/3176-3-0x0000000000B00000-0x0000000000B3C000-memory.dmp

Filesize
240KB

Download
memory/3176-4-0x000000001B150000-0x000000001B160000-memory.dmp

Filesize
64KB

Download
memory/3176-2-0x0000000000AA0000-0x0000000000AB2000-memory.dmp

Filesize
72KB

Download
memory/3176-1-0x00007FF9ACD70000-0x00007FF9AD831000-memory.dmp

Filesize
10.8MB

Download
memory/3176-5-0x00007FF9ACD70000-0x00007FF9AD831000-memory.dmp

Filesize
10.8MB

Download
memory/3176-6-0x00007FF9ACD70000-0x00007FF9AD831000-memory.dmp

Filesize
10.8MB

Download