3e57200a274cd4166cc6ff76d3cb7289893a660bbfa62662738099602fc86853

Analysis

max time kernel
157s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 19:35

Target

4f08cfa56f2be1fdbadf11e853c586a7.exe
Size

9KB
MD5

4f08cfa56f2be1fdbadf11e853c586a7
SHA1

df26e47b254d30a9f2094d74da7d8f3ecb2df8d8
SHA256

3e57200a274cd4166cc6ff76d3cb7289893a660bbfa62662738099602fc86853
SHA512

76c68e71186efec23745f898353945fb9b57ba218c060c8bed8757e1a85355423c35a3bb64be1baeb734ee420ec1ac8453f4d51ad4cd515c7cf3e69db31e9ca7
SSDEEP

192:VBksuXm6N7oy1U4eMZZ3693Vnjdwqz33p4knP:t4xa4eMWFnhwq7X

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2364	4f08cfa56f2be1fdbadf11e853c586a7.exe

C:\Users\Admin\AppData\Local\Temp\4f08cfa56f2be1fdbadf11e853c586a7.exe
"C:\Users\Admin\AppData\Local\Temp\4f08cfa56f2be1fdbadf11e853c586a7.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2364

memory/2364-0-0x0000000000560000-0x0000000000568000-memory.dmp

Filesize
32KB

Download
memory/2364-1-0x00007FF9B68C0000-0x00007FF9B7381000-memory.dmp

Filesize
10.8MB

Download
memory/2364-2-0x0000000002600000-0x0000000002612000-memory.dmp

Filesize
72KB

Download
memory/2364-3-0x0000000002660000-0x000000000269C000-memory.dmp

Filesize
240KB

Download
memory/2364-4-0x00007FF9B68C0000-0x00007FF9B7381000-memory.dmp

Filesize
10.8MB

Download
memory/2364-5-0x000000001B3F0000-0x000000001B400000-memory.dmp

Filesize
64KB

Download
memory/2364-6-0x000000001B3F0000-0x000000001B400000-memory.dmp

Filesize
64KB

Download
memory/2364-7-0x00007FF9B68C0000-0x00007FF9B7381000-memory.dmp

Filesize
10.8MB

Download