30c0c5425085d5415b5f71372bc93161f3a525a7c62ade80a694ee92a860e154

Analysis

max time kernel
143s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 09:28

Target

63cb6488aa82cf80ae4d88937731393e.exe
Size

9KB
MD5

63cb6488aa82cf80ae4d88937731393e
SHA1

093ccca9b2e8d6111798c8dbf12c0e2256955175
SHA256

30c0c5425085d5415b5f71372bc93161f3a525a7c62ade80a694ee92a860e154
SHA512

cb3245654bb64758c02814824a1dd2402306b94e4273da005c6ede326d8070999c94c1159e19d73ec8341201d545ed0ec118479e3c8216a0d4e117068af63313
SSDEEP

192:vBksuHrN3y+70eMZZ3X93VnjdwCzh30Y:YZR0eMpFnhwClE

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3236	63cb6488aa82cf80ae4d88937731393e.exe

C:\Users\Admin\AppData\Local\Temp\63cb6488aa82cf80ae4d88937731393e.exe
"C:\Users\Admin\AppData\Local\Temp\63cb6488aa82cf80ae4d88937731393e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3236

memory/3236-0-0x0000000000560000-0x0000000000568000-memory.dmp

Filesize
32KB

Download
memory/3236-3-0x000000001B090000-0x000000001B0CC000-memory.dmp

Filesize
240KB

Download
memory/3236-4-0x000000001B320000-0x000000001B330000-memory.dmp

Filesize
64KB

Download
memory/3236-2-0x00007FFCF94A0000-0x00007FFCF9F61000-memory.dmp

Filesize
10.8MB

Download
memory/3236-1-0x00000000025E0000-0x00000000025F2000-memory.dmp

Filesize
72KB

Download
memory/3236-5-0x00007FFCF94A0000-0x00007FFCF9F61000-memory.dmp

Filesize
10.8MB

Download
memory/3236-6-0x00007FFCF94A0000-0x00007FFCF9F61000-memory.dmp

Filesize
10.8MB

Download