e1c0d70500b6aa2fd5c1e1407c96b62df5b16cf36b258e2b16e3864928d847d0

Analysis

max time kernel
141s
max time network
196s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 18:06

Target

0008486f70d39be162bf28c0bbfe7d76.exe
Size

682KB
MD5

0008486f70d39be162bf28c0bbfe7d76
SHA1

05c1292697cc676f8d03ed421db89147abf707db
SHA256

e1c0d70500b6aa2fd5c1e1407c96b62df5b16cf36b258e2b16e3864928d847d0
SHA512

49139a468bc0ecffb854fe9eed7edf5dfd81ec53189fec78de2045f93b6b1a48b27c05f69b2e2d969f6822a3f0049d7bc07b873ebef714269bc93b350a69b0ee
SSDEEP

12288:0JhG716qWqYmyDGKcq2P6ISuNBeuWnSI3qbc6WReS:0Jhc16qWlmHKcJp3NPI3NYS

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2584	0008486f70d39be162bf28c0bbfe7d76.exe

C:\Users\Admin\AppData\Local\Temp\0008486f70d39be162bf28c0bbfe7d76.exe
"C:\Users\Admin\AppData\Local\Temp\0008486f70d39be162bf28c0bbfe7d76.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2584

memory/2584-1-0x0000000074A70000-0x000000007515E000-memory.dmp

Filesize
6.9MB

Download
memory/2584-0-0x0000000000FF0000-0x00000000010A0000-memory.dmp

Filesize
704KB

Download
memory/2584-2-0x0000000004C80000-0x0000000004CC0000-memory.dmp

Filesize
256KB

Download
memory/2584-3-0x0000000074A70000-0x000000007515E000-memory.dmp

Filesize
6.9MB

Download
memory/2584-4-0x0000000004C80000-0x0000000004CC0000-memory.dmp

Filesize
256KB

Download