blackguard | c636563c1696739bb233b88ee58204e2d369f6fd6ea96caec55662ee408f3ead

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 01:03

Target

c636563c1696739bb233b88ee58204e2d369f6fd6ea96caec55662ee408f3ead.exe
Size

10.4MB
MD5

7cdcb067b3d76e130357bdc14241b4f9
SHA1

f8c67b66a826b743ea8c43092e02dce2d5321e7c
SHA256

c636563c1696739bb233b88ee58204e2d369f6fd6ea96caec55662ee408f3ead
SHA512

be8147ae866576709c62ed9ab4fdf8c0a79fbf6c9a70d4d3c6b7818b9d5ce9671b8e8035eccd30bdfcacfcded1c3a802c2bd9657280df9bec1b012da2f244fed
SSDEEP

196608:EJ06w1zHcTYlA6TdBygW5VJ95B6TdJ3Cq6Tdv:w0x1HKcFjF8IjSjp

Score

10^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	816	c636563c1696739bb233b88ee58204e2d369f6fd6ea96caec55662ee408f3ead.exe

C:\Users\Admin\AppData\Local\Temp\c636563c1696739bb233b88ee58204e2d369f6fd6ea96caec55662ee408f3ead.exe
"C:\Users\Admin\AppData\Local\Temp\c636563c1696739bb233b88ee58204e2d369f6fd6ea96caec55662ee408f3ead.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:816

memory/816-0-0x0000000000C90000-0x00000000016F2000-memory.dmp

Filesize
10.4MB

Download
memory/816-1-0x000007FEF5900000-0x000007FEF62EC000-memory.dmp

Filesize
9.9MB

Download
memory/816-2-0x000000001B3B0000-0x000000001B430000-memory.dmp

Filesize
512KB

Download
memory/816-3-0x000000001B3B0000-0x000000001B430000-memory.dmp

Filesize
512KB

Download
memory/816-4-0x000000001B3B0000-0x000000001B430000-memory.dmp

Filesize
512KB

Download
memory/816-5-0x000007FEF5900000-0x000007FEF62EC000-memory.dmp

Filesize
9.9MB

Download