32cd7715d777f594ab17bd236aed6e98ae373bf612a5b1ee037c6929f2a5a2da

Analysis

max time kernel
158s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 05:54

Target

5826e89b47e34e96469d54f85c09d206.exe
Size

9KB
MD5

5826e89b47e34e96469d54f85c09d206
SHA1

6c9e4198b270d38fb1287a9fc8c90931f4b7eca1
SHA256

32cd7715d777f594ab17bd236aed6e98ae373bf612a5b1ee037c6929f2a5a2da
SHA512

737404cb51b35e00f43bef298cdf9228deada724acb4005c1ee84c82d5fe751e60d8a56f56678a584250ce3b57d653be1745a3c941b7353cf54cc6ed2d394d00
SSDEEP

192:BBksunPY82gQv5F4zt2eMZZ3n93VnjdwCz03LzHND:T82l4zt2eM5FnhwCQvHN

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4132	5826e89b47e34e96469d54f85c09d206.exe

C:\Users\Admin\AppData\Local\Temp\5826e89b47e34e96469d54f85c09d206.exe
"C:\Users\Admin\AppData\Local\Temp\5826e89b47e34e96469d54f85c09d206.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4132

memory/4132-0-0x0000000000C10000-0x0000000000C18000-memory.dmp

Filesize
32KB

Download
memory/4132-1-0x0000000002C90000-0x0000000002CA2000-memory.dmp

Filesize
72KB

Download
memory/4132-2-0x000000001B720000-0x000000001B75C000-memory.dmp

Filesize
240KB

Download
memory/4132-3-0x00007FFBE5710000-0x00007FFBE61D1000-memory.dmp

Filesize
10.8MB

Download
memory/4132-4-0x000000001BB20000-0x000000001BB30000-memory.dmp

Filesize
64KB

Download
memory/4132-5-0x00007FFBE5710000-0x00007FFBE61D1000-memory.dmp

Filesize
10.8MB

Download
memory/4132-6-0x000000001BB20000-0x000000001BB30000-memory.dmp

Filesize
64KB

Download
memory/4132-7-0x00007FFBE5710000-0x00007FFBE61D1000-memory.dmp

Filesize
10.8MB

Download