05005befc3b9118d9a636343266e03b130ef74190c834d84ed8685857e71f158

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 01:13

Target

22a1eb7c187951122638ceb563fc87e9.exe
Size

492KB
MD5

22a1eb7c187951122638ceb563fc87e9
SHA1

1a8260c0bec8d3c5713a2544a89ff8bcde9b3a2d
SHA256

05005befc3b9118d9a636343266e03b130ef74190c834d84ed8685857e71f158
SHA512

bc98cb8b0ae1a1a53f17be666c65082ad07560afd66fd93e30916dbe0746f20b9f74a59cf770f3fe2a79b52760cd09fb1e394eb6b5f097a650550cff009025c3
SSDEEP

6144:E1hLq7U6gkdySLwhhP+91Dzshv/54V4w2yEdve1e/nyvdkyh38kRoOnrd5iAuL:E1E6kXLqK18t3syvEJvv3i4rPid

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1944	22a1eb7c187951122638ceb563fc87e9.exe

C:\Users\Admin\AppData\Local\Temp\22a1eb7c187951122638ceb563fc87e9.exe
"C:\Users\Admin\AppData\Local\Temp\22a1eb7c187951122638ceb563fc87e9.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1944

memory/1944-0-0x0000000074D70000-0x000000007545E000-memory.dmp

Filesize
6.9MB

Download
memory/1944-1-0x00000000002E0000-0x0000000000362000-memory.dmp

Filesize
520KB

Download
memory/1944-2-0x0000000004D30000-0x0000000004D70000-memory.dmp

Filesize
256KB

Download
memory/1944-3-0x0000000004D30000-0x0000000004D70000-memory.dmp

Filesize
256KB

Download
memory/1944-4-0x0000000074D70000-0x000000007545E000-memory.dmp

Filesize
6.9MB

Download
memory/1944-5-0x0000000004D30000-0x0000000004D70000-memory.dmp

Filesize
256KB

Download