542c835beecdb583d91729b609d49a1e9e6072dce2148701faaa356723d241be

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 00:28

Target

4674e41064471788442b3b712c152414.exe
Size

698KB
MD5

4674e41064471788442b3b712c152414
SHA1

dbcf1543238fb33bd4ef817cda8148a8e2118375
SHA256

542c835beecdb583d91729b609d49a1e9e6072dce2148701faaa356723d241be
SHA512

84132c2ff04e50f04993d0ceb6ed2618b80d22cf5fc5e5bf4d6dcbe6fd3d5ead30dba2951c0df9dab392b1c96c1463114fe9bb98fd13e1bc4009ac6f5ab1ed5d
SSDEEP

12288:zkIUeiG2E73BzHjyOyHpBvygTUxieU66yI8ku/z0xast:lypBvygA8eU66yfgEst

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2000	4674e41064471788442b3b712c152414.exe

C:\Users\Admin\AppData\Local\Temp\4674e41064471788442b3b712c152414.exe
"C:\Users\Admin\AppData\Local\Temp\4674e41064471788442b3b712c152414.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2000

memory/2000-0-0x0000000001390000-0x0000000001444000-memory.dmp

Filesize
720KB

Download
memory/2000-1-0x0000000074CA0000-0x000000007538E000-memory.dmp

Filesize
6.9MB

Download
memory/2000-2-0x00000000004E0000-0x0000000000520000-memory.dmp

Filesize
256KB

Download
memory/2000-3-0x0000000074CA0000-0x000000007538E000-memory.dmp

Filesize
6.9MB

Download
memory/2000-4-0x00000000004E0000-0x0000000000520000-memory.dmp

Filesize
256KB

Download