b5b2758599caa748a73bba034c51ee76403005a6f39b530450326de088e5447c

Analysis

max time kernel
152s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 08:58

Target

13e7ee2379f739bcdf874407ff4f8ecb.exe
Size

9KB
MD5

13e7ee2379f739bcdf874407ff4f8ecb
SHA1

e4c13dfdacd7e370bebab611b5e1cd035d05cb8f
SHA256

b5b2758599caa748a73bba034c51ee76403005a6f39b530450326de088e5447c
SHA512

837c5b3150a37e2aa32197dd168f5d79496abe0f70116e771d77c93503de5cc5954d2fa2694df14da5ef874b0c0edb46a4cc07515392d7320ba69e08b2ccb1d8
SSDEEP

192:ZBksuzPY82gQv5F4wtCeMZZ3L93VnjdwCz773S+1:382l4wtCeMFFnhwCrC+

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5064	13e7ee2379f739bcdf874407ff4f8ecb.exe

C:\Users\Admin\AppData\Local\Temp\13e7ee2379f739bcdf874407ff4f8ecb.exe
"C:\Users\Admin\AppData\Local\Temp\13e7ee2379f739bcdf874407ff4f8ecb.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5064

memory/5064-0-0x00000000004D0000-0x00000000004D8000-memory.dmp

Filesize
32KB

Download
memory/5064-1-0x00007FFBE7020000-0x00007FFBE7AE1000-memory.dmp

Filesize
10.8MB

Download
memory/5064-2-0x0000000002550000-0x0000000002562000-memory.dmp

Filesize
72KB

Download
memory/5064-3-0x00000000025D0000-0x000000000260C000-memory.dmp

Filesize
240KB

Download
memory/5064-4-0x000000001B420000-0x000000001B430000-memory.dmp

Filesize
64KB

Download
memory/5064-5-0x00007FFBE7020000-0x00007FFBE7AE1000-memory.dmp

Filesize
10.8MB

Download
memory/5064-6-0x000000001B420000-0x000000001B430000-memory.dmp

Filesize
64KB

Download
memory/5064-7-0x00007FFBE7020000-0x00007FFBE7AE1000-memory.dmp

Filesize
10.8MB

Download