19b66da1ebfb2edeeddfa0d93dde0a19c3caf19ab84b930f2c68ec492e46f6e2

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2024 02:20

Target

4d16d7a7b82f8c135d6ec4fc8f8cb902.exe
Size

1.6MB
MD5

4d16d7a7b82f8c135d6ec4fc8f8cb902
SHA1

5020d4b59ae9b74066b3a89706e5b4684398514c
SHA256

19b66da1ebfb2edeeddfa0d93dde0a19c3caf19ab84b930f2c68ec492e46f6e2
SHA512

046cd558d041626fbed398f3ad9c2951f0efa5e05c9bbeef5bf8e089347f72c2a53690a1379a1ed18712b7f7dab104a995462634e1f292154a3dcfa41389aff4
SSDEEP

12288:fj0bidyzNJbT7SL3zKScuzkB/X/2xlsxjbN3FFcSRPPbYNtGDtCACm/Ub:fQfBScuzKPgssStPUvgtH8b

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1064	svchost.exe

C:\Users\Admin\AppData\Local\Temp\4d16d7a7b82f8c135d6ec4fc8f8cb902.exe
"C:\Users\Admin\AppData\Local\Temp\4d16d7a7b82f8c135d6ec4fc8f8cb902.exe"
1⤵
PID:4260

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2692

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1064

memory/1064-32-0x000001C43D510000-0x000001C43D511000-memory.dmp

Filesize
4KB

Download
memory/1064-36-0x000001C43D650000-0x000001C43D651000-memory.dmp

Filesize
4KB

Download
memory/1064-35-0x000001C43D540000-0x000001C43D541000-memory.dmp

Filesize
4KB

Download
memory/1064-34-0x000001C43D540000-0x000001C43D541000-memory.dmp

Filesize
4KB

Download
memory/1064-16-0x000001C4351A0000-0x000001C4351B0000-memory.dmp

Filesize
64KB

Download
memory/1064-0-0x000001C4350A0000-0x000001C4350B0000-memory.dmp

Filesize
64KB

Download