aa43e16ddfc996abbcfea9b9aff5aa449765c8876b4c0fc6995987a9047f49da

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 00:54

Target

092e149d4e73e377e7d48125480e9126.exe
Size

71KB
MD5

092e149d4e73e377e7d48125480e9126
SHA1

1fe099b2579e2bc089be197e56785c50b7105809
SHA256

aa43e16ddfc996abbcfea9b9aff5aa449765c8876b4c0fc6995987a9047f49da
SHA512

785111fe07f5cf69d09da4e4f9da01d89a0281a59053e3e198279e303419f9e30db566265db2e27a8fe166fd680acb77f8ac331365e4149e796717b158ff7cc9
SSDEEP

1536:GhkAGNPAeNqAWNZAuN0AmNLA+NGA2NFAONwAGNPvAeNvqAWNRAuN8AmNjA+NOA2p:GhkAGNPAeNqAWNZAuN0AmNLA+NGA2NF1

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1732	092e149d4e73e377e7d48125480e9126.exe

C:\Users\Admin\AppData\Local\Temp\092e149d4e73e377e7d48125480e9126.exe
"C:\Users\Admin\AppData\Local\Temp\092e149d4e73e377e7d48125480e9126.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1732

memory/1732-0-0x000007FEF5CA0000-0x000007FEF663D000-memory.dmp

Filesize
9.6MB

Download
memory/1732-2-0x000007FEF5CA0000-0x000007FEF663D000-memory.dmp

Filesize
9.6MB

Download
memory/1732-3-0x0000000002120000-0x00000000021A0000-memory.dmp

Filesize
512KB

Download
memory/1732-1-0x0000000002120000-0x00000000021A0000-memory.dmp

Filesize
512KB

Download
memory/1732-4-0x000007FEF5CA0000-0x000007FEF663D000-memory.dmp

Filesize
9.6MB

Download