00f78150bac1850fe547451286e06f62299a2c1521624f5b6c542bc940f91c25

Analysis

max time kernel
145s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 07:16

Target

2d044cb9612f62dfd61475e6fb0f6939.exe
Size

9KB
MD5

2d044cb9612f62dfd61475e6fb0f6939
SHA1

61933f2514009b46bc4c163072e094c7345dc87b
SHA256

00f78150bac1850fe547451286e06f62299a2c1521624f5b6c542bc940f91c25
SHA512

ce309d5da9a04987c72f6b7cb7a561f34be458334e6706012260321d8adc0ee49216c12f0c7249b860bd341231818538a7dede05b443ccebc3621cc4609da352
SSDEEP

192:pBksu39MuIW1eMZZ3193Vnjdwqzb33sVU:6lD1eMfFnhwqnsV

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2300	2d044cb9612f62dfd61475e6fb0f6939.exe

C:\Users\Admin\AppData\Local\Temp\2d044cb9612f62dfd61475e6fb0f6939.exe
"C:\Users\Admin\AppData\Local\Temp\2d044cb9612f62dfd61475e6fb0f6939.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2300

memory/2300-0-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download
memory/2300-2-0x00007FFCF2710000-0x00007FFCF31D1000-memory.dmp

Filesize
10.8MB

Download
memory/2300-1-0x0000000000BC0000-0x0000000000BD2000-memory.dmp

Filesize
72KB

Download
memory/2300-3-0x0000000000C60000-0x0000000000C9C000-memory.dmp

Filesize
240KB

Download
memory/2300-4-0x0000000000C20000-0x0000000000C30000-memory.dmp

Filesize
64KB

Download
memory/2300-5-0x00007FFCF2710000-0x00007FFCF31D1000-memory.dmp

Filesize
10.8MB

Download
memory/2300-6-0x0000000000C20000-0x0000000000C30000-memory.dmp

Filesize
64KB

Download
memory/2300-7-0x00007FFCF2710000-0x00007FFCF31D1000-memory.dmp

Filesize
10.8MB

Download