29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-01-2024 23:07

Target

29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a.exe
Size

369KB
MD5

2c8f35dd97166057ed6c064771e26c13
SHA1

a0a9ca5ee34bf0be421885fe8a138d8593140604
SHA256

29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a
SHA512

f1a4e012d723a7eadc0725b951ea70995c845dcaf7300fa634d0ed602cba4ea197e90098182cbaabbadfc1fad5ea2156123d7464f3d67fb87ef6317e7ea3d0a2
SSDEEP

6144:vfiVxR3LFaN9aw/m/Q/B/b/R/b/I/F///c/4/3/c/B/4/E/b/4hRUsEr9EAYNClR:vfiVxR3LFaN9aw/m/Q/B/b/R/b/I/F/C

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2916	29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a.exe

C:\Users\Admin\AppData\Local\Temp\29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a.exe
"C:\Users\Admin\AppData\Local\Temp\29af1a36104a0658965ae9fde483b4ca9c5c849e3f2edee8c3e3231c5a7a696a.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2916

memory/2916-0-0x0000000000EF0000-0x0000000000F52000-memory.dmp

Filesize
392KB

Download
memory/2916-1-0x0000000074760000-0x0000000074E4E000-memory.dmp

Filesize
6.9MB

Download
memory/2916-2-0x0000000004EC0000-0x0000000004F00000-memory.dmp

Filesize
256KB

Download
memory/2916-3-0x0000000074760000-0x0000000074E4E000-memory.dmp

Filesize
6.9MB

Download