357bb601ab1edc684480fefb40bfc9294aa21df2cd216250a930b710452a46e6

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 10:52

Target

1676b56e4b18a35129103d5b107f5df4.exe
Size

9KB
MD5

1676b56e4b18a35129103d5b107f5df4
SHA1

0751bb19f84cd4dc03448d256c36888fb1857ebe
SHA256

357bb601ab1edc684480fefb40bfc9294aa21df2cd216250a930b710452a46e6
SHA512

5a4fc88a4545e6afe23455e8d930bf4ed422612c0817956b4105cc472222c05aabc9e7eac235cf2a89fad386d209cf68c106a9bcb61fd9cff2b028e83e8fee3c
SSDEEP

192:kBksuzPY82gQv5F4ZtpeMZZ3i93VnjdwCz8306VQy:082l4ZtpeMGFnhwCYE6VQ

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4524	1676b56e4b18a35129103d5b107f5df4.exe

C:\Users\Admin\AppData\Local\Temp\1676b56e4b18a35129103d5b107f5df4.exe
"C:\Users\Admin\AppData\Local\Temp\1676b56e4b18a35129103d5b107f5df4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4524

memory/4524-0-0x00000000005C0000-0x00000000005C8000-memory.dmp

Filesize
32KB

Download
memory/4524-1-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/4524-3-0x00007FFEA6D30000-0x00007FFEA77F1000-memory.dmp

Filesize
10.8MB

Download
memory/4524-4-0x00000000027B0000-0x00000000027C0000-memory.dmp

Filesize
64KB

Download
memory/4524-2-0x00000000026E0000-0x000000000271C000-memory.dmp

Filesize
240KB

Download
memory/4524-5-0x00007FFEA6D30000-0x00007FFEA77F1000-memory.dmp

Filesize
10.8MB

Download
memory/4524-6-0x00007FFEA6D30000-0x00007FFEA77F1000-memory.dmp

Filesize
10.8MB

Download