aee4034f10c8724f0278ec1c9548ea09fe688f6f6ab9c08ec3dbb01e1942837e

Analysis

max time kernel
117s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 22:32

Target

1e898d5a4caddaed0c634a2bebcb3f75.exe
Size

9KB
MD5

1e898d5a4caddaed0c634a2bebcb3f75
SHA1

00da72ed635b86b643a6b250470e33856786d07d
SHA256

aee4034f10c8724f0278ec1c9548ea09fe688f6f6ab9c08ec3dbb01e1942837e
SHA512

bbe74cc2d3a35e815b20120fda993a023f99c154b5e937734caa0d62d1201d3cb9b60d8e1143768346a4be0d20727b544f1812b683ff5b8bad6cefebabd282d8
SSDEEP

192:VBksuz9MuIs6eMZZ3g93VnjdwqzO3wZRnujp6:6lt6eMkFnhwqaAZxuj

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4800	1e898d5a4caddaed0c634a2bebcb3f75.exe

C:\Users\Admin\AppData\Local\Temp\1e898d5a4caddaed0c634a2bebcb3f75.exe
"C:\Users\Admin\AppData\Local\Temp\1e898d5a4caddaed0c634a2bebcb3f75.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4800

memory/4800-0-0x0000000000F60000-0x0000000000F68000-memory.dmp

Filesize
32KB

Download
memory/4800-1-0x0000000003110000-0x0000000003122000-memory.dmp

Filesize
72KB

Download
memory/4800-3-0x0000000003170000-0x00000000031AC000-memory.dmp

Filesize
240KB

Download
memory/4800-2-0x00007FFB6ADC0000-0x00007FFB6B881000-memory.dmp

Filesize
10.8MB

Download
memory/4800-4-0x000000001BDB0000-0x000000001BDC0000-memory.dmp

Filesize
64KB

Download
memory/4800-5-0x00007FFB6ADC0000-0x00007FFB6B881000-memory.dmp

Filesize
10.8MB

Download
memory/4800-6-0x00007FFB6ADC0000-0x00007FFB6B881000-memory.dmp

Filesize
10.8MB

Download