6ae27f27815f5047518743f5daf9e79bf4ef5b7aa464f2a2cae087f2e27e6847

Analysis

max time kernel
12s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 07:40

Target

5d21994cf58a766cffeaa0b90b824d18.exe
Size

9KB
MD5

5d21994cf58a766cffeaa0b90b824d18
SHA1

f51f288ded9f989a1659c5f03d55b7baaa182c6d
SHA256

6ae27f27815f5047518743f5daf9e79bf4ef5b7aa464f2a2cae087f2e27e6847
SHA512

9f8befe8ba699e3b3bc8b6e8640e33cd1f0ce13ef5ace179b82a6c9a3afa75c27b5ad9c8f9cbeeee36ac1eac27746dabbdaa8cb4fdb575838d00d33d88d60b10
SSDEEP

192:KBksuzPY82gQv5F4nHtHeMZZ3A93VnjdwCzY3U7J:K82l4HtHeMsFnhwCEE7

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1908	5d21994cf58a766cffeaa0b90b824d18.exe

C:\Users\Admin\AppData\Local\Temp\5d21994cf58a766cffeaa0b90b824d18.exe
"C:\Users\Admin\AppData\Local\Temp\5d21994cf58a766cffeaa0b90b824d18.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1908

memory/1908-0-0x0000000000C20000-0x0000000000C28000-memory.dmp

Filesize
32KB

Download
memory/1908-3-0x0000000002D00000-0x0000000002D3C000-memory.dmp

Filesize
240KB

Download
memory/1908-2-0x00007FF91F580000-0x00007FF920041000-memory.dmp

Filesize
10.8MB

Download
memory/1908-4-0x0000000002DD0000-0x0000000002DE0000-memory.dmp

Filesize
64KB

Download
memory/1908-1-0x0000000002CA0000-0x0000000002CB2000-memory.dmp

Filesize
72KB

Download
memory/1908-5-0x00007FF91F580000-0x00007FF920041000-memory.dmp

Filesize
10.8MB

Download
memory/1908-6-0x00007FF91F580000-0x00007FF920041000-memory.dmp

Filesize
10.8MB

Download