04e3f37cfd7e14503edbc3656e291e0dddb7f88bec2b8781e5abf7f8a1c762ab

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 07:35

Target

5cde32efaf89f095cafb46eb7ad600f4.exe
Size

9KB
MD5

5cde32efaf89f095cafb46eb7ad600f4
SHA1

5c887efbcfd8360249e47714d7ee1b98b78c8b7f
SHA256

04e3f37cfd7e14503edbc3656e291e0dddb7f88bec2b8781e5abf7f8a1c762ab
SHA512

cf931714d40a90368cae9601fdddd38d118bb9f5097b0200e8cd1416ba67ee0c00a74e4aef0e43a9bc9b76ae6b837cb8d0f1492c8ce3d3e48d5be566bf3be8b6
SSDEEP

192:+BksuXzHNQv3eMZZ3V93Vnjdwqzq3XuOXIa:RHo3eMHFnhwqGnuOXI

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3076	5cde32efaf89f095cafb46eb7ad600f4.exe

C:\Users\Admin\AppData\Local\Temp\5cde32efaf89f095cafb46eb7ad600f4.exe
"C:\Users\Admin\AppData\Local\Temp\5cde32efaf89f095cafb46eb7ad600f4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3076

memory/3076-0-0x0000000000290000-0x0000000000298000-memory.dmp

Filesize
32KB

Download
memory/3076-1-0x0000000002310000-0x0000000002322000-memory.dmp

Filesize
72KB

Download
memory/3076-3-0x00007FFD39670000-0x00007FFD3A131000-memory.dmp

Filesize
10.8MB

Download
memory/3076-4-0x000000001B120000-0x000000001B130000-memory.dmp

Filesize
64KB

Download
memory/3076-2-0x0000000002370000-0x00000000023AC000-memory.dmp

Filesize
240KB

Download
memory/3076-5-0x00007FFD39670000-0x00007FFD3A131000-memory.dmp

Filesize
10.8MB

Download
memory/3076-6-0x00007FFD39670000-0x00007FFD3A131000-memory.dmp

Filesize
10.8MB

Download