9f75d5a1e3d6e244f426a373701e883a1a48ca4cb501f14471d7c310e5fb9db7

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 17:23

Target

75152280439d427decd1bd51e3205dfb.exe
Size

746KB
MD5

75152280439d427decd1bd51e3205dfb
SHA1

56c632bbdd9fee0f3858857bbcd2f01cb961a90a
SHA256

9f75d5a1e3d6e244f426a373701e883a1a48ca4cb501f14471d7c310e5fb9db7
SHA512

9831b6a60699ba964f32100d3cfc124689bc2ef849a053b464e6f7cf6c0a1df03636c90f3fd6e5ddbf4a8ee44e4bfc95144ce5d1a40c2ee0368882faf5367be2
SSDEEP

12288:PRn8S++U4u/n/80dW5A0zyo6JwQ5oAlK+GbGvZPIkyNQQ52LYRg08yPwDRYqr:Z8MU4ufxdW5A2mJr/khGvBIkyB3Y5

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1896	75152280439d427decd1bd51e3205dfb.exe

C:\Users\Admin\AppData\Local\Temp\75152280439d427decd1bd51e3205dfb.exe
"C:\Users\Admin\AppData\Local\Temp\75152280439d427decd1bd51e3205dfb.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1896

memory/1896-1-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/1896-0-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download
memory/1896-2-0x0000000000400000-0x00000000004C2000-memory.dmp

Filesize
776KB

Download