cc8bdef955f656bc628c122a417966e4534b73e691ff27f4a01ba867ed7e0995

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 13:34

Target

cc8bdef955f656bc628c122a417966e4534b73e691ff27f4a01ba867ed7e0995.exe
Size

1.3MB
MD5

3b46f7db8abd333ac962a2713c4a1acc
SHA1

df26510e2a4cb9d81c3a79c6e0575c572994ce6b
SHA256

cc8bdef955f656bc628c122a417966e4534b73e691ff27f4a01ba867ed7e0995
SHA512

2ec0f00987a130d52eff397ae054d9645df8187cd410cb89ae9d0964ab3fd59a8147c003ea46922d028b52d4046dccc3cdfb0372c8903b3f4bb713128ad215c7
SSDEEP

24576:T7zNkhm5PBnJt2rR8FfBhRJUEbDk1ulUsa:LNEm5ZnJt2r4PRSEk1ulb

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1988	cc8bdef955f656bc628c122a417966e4534b73e691ff27f4a01ba867ed7e0995.exe

C:\Users\Admin\AppData\Local\Temp\cc8bdef955f656bc628c122a417966e4534b73e691ff27f4a01ba867ed7e0995.exe
"C:\Users\Admin\AppData\Local\Temp\cc8bdef955f656bc628c122a417966e4534b73e691ff27f4a01ba867ed7e0995.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1988

memory/1988-0-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download
memory/1988-1-0x0000000000560000-0x00000000005C6000-memory.dmp

Filesize
408KB

Download
memory/1988-7-0x0000000000560000-0x00000000005C6000-memory.dmp

Filesize
408KB

Download
memory/1988-11-0x0000000000400000-0x0000000000551000-memory.dmp

Filesize
1.3MB

Download