fce7f03031daf72ffc67f58d7ef9d424fa7212efd83cc90326764af7e45a99c3

Analysis

max time kernel
131s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 06:49

Target

1170d1b81c14da907c41a6775a2600ff.exe
Size

9KB
MD5

1170d1b81c14da907c41a6775a2600ff
SHA1

f42a6adf71944e1bfc0a75ffae270e86654598da
SHA256

fce7f03031daf72ffc67f58d7ef9d424fa7212efd83cc90326764af7e45a99c3
SHA512

e674ab5df10c5f89df2dc60fc405e55c8c1d285c63a370b498d7f3296a04a174ab5e4dbe8de1548327a76ef25c2da9af7818100d840ec4a094d8a0487050d6d7
SSDEEP

192:eBksuXzHNQ47eMZZ3J93VnjdwqzR3xb6LIiW:xHr7eMzFnhwqlBb68i

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2340	1170d1b81c14da907c41a6775a2600ff.exe

C:\Users\Admin\AppData\Local\Temp\1170d1b81c14da907c41a6775a2600ff.exe
"C:\Users\Admin\AppData\Local\Temp\1170d1b81c14da907c41a6775a2600ff.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2340

memory/2340-0-0x0000000000630000-0x0000000000638000-memory.dmp

Filesize
32KB

Download
memory/2340-2-0x00007FFD73C80000-0x00007FFD74741000-memory.dmp

Filesize
10.8MB

Download
memory/2340-3-0x0000000002820000-0x000000000285C000-memory.dmp

Filesize
240KB

Download
memory/2340-1-0x0000000000E00000-0x0000000000E12000-memory.dmp

Filesize
72KB

Download
memory/2340-4-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/2340-5-0x00007FFD73C80000-0x00007FFD74741000-memory.dmp

Filesize
10.8MB

Download
memory/2340-6-0x000000001B4F0000-0x000000001B500000-memory.dmp

Filesize
64KB

Download
memory/2340-7-0x00007FFD73C80000-0x00007FFD74741000-memory.dmp

Filesize
10.8MB

Download