41f4e6985ca71db5e8b751b29b6303a9acb445ae0fcc30887610714b23edb583

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
15/01/2024, 04:34

Target

41f4e6985ca71db5e8b751b29b6303a9acb445ae0fcc30887610714b23edb583.exe
Size

706KB
MD5

8be9ad2944a4b45550ddc6a830b273f4
SHA1

de0f294342fed22ce05ce8d9c88f92c9b9831ee8
SHA256

41f4e6985ca71db5e8b751b29b6303a9acb445ae0fcc30887610714b23edb583
SHA512

dd26cd41be463bc6311fa4d60c31c8f4585559182197c966f1b88a704bf5ea5725e9da3a5b2df931dd504e07ce894a4c88f938162ac6f3407bab2781e3eeb19f
SSDEEP

12288:+AiB+t37d0NxksRpWE9FRHSfNm1wgbIxnBw7dzE+e3gxZC6LgjigDy5fdv8fWi+:+AiBWCks7WE9F5pwg8zmdqQjC60jiHkU

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2504	41f4e6985ca71db5e8b751b29b6303a9acb445ae0fcc30887610714b23edb583.exe

C:\Users\Admin\AppData\Local\Temp\41f4e6985ca71db5e8b751b29b6303a9acb445ae0fcc30887610714b23edb583.exe
"C:\Users\Admin\AppData\Local\Temp\41f4e6985ca71db5e8b751b29b6303a9acb445ae0fcc30887610714b23edb583.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2504

memory/2504-0-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2504-1-0x00000000004C0000-0x0000000000527000-memory.dmp

Filesize
412KB

Download
memory/2504-6-0x00000000004C0000-0x0000000000527000-memory.dmp

Filesize
412KB

Download
memory/2504-7-0x00000000004C0000-0x0000000000527000-memory.dmp

Filesize
412KB

Download
memory/2504-12-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download