b7175b1b214e756a41e53e153112f0edcf7995c85a1de4ab7a7f3831dfece11d

Analysis

max time kernel
149s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2024 12:53

Target

DragonKMS v23.05.26.exe
Size

684KB
MD5

be2b108f96afe013562efd65b18c5ae7
SHA1

6f7b559c26ba9aa1fdec6cfa207df3543805c24d
SHA256

b7175b1b214e756a41e53e153112f0edcf7995c85a1de4ab7a7f3831dfece11d
SHA512

ae3e889dc0dc8eca4c0065b63b75a114e36e47378a0ec11a86cbff75040097549234f05d54a4faa6cdf9915d62076c79dbc1314bfdbc7aa9ad5b4a01ad2c280f
SSDEEP

3072:0ii21OqrjuAphexHexHexHexHex5exvLu:0B21OqxQQQQY+

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3156	DragonKMS v23.05.26.exe

C:\Users\Admin\AppData\Local\Temp\DragonKMS v23.05.26.exe
"C:\Users\Admin\AppData\Local\Temp\DragonKMS v23.05.26.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3156

memory/3156-0-0x0000000000C30000-0x0000000000CE0000-memory.dmp

Filesize
704KB

Download
memory/3156-1-0x00007FFA22360000-0x00007FFA22E21000-memory.dmp

Filesize
10.8MB

Download
memory/3156-2-0x000000001BC90000-0x000000001BCA0000-memory.dmp

Filesize
64KB

Download
memory/3156-3-0x000000001BC90000-0x000000001BCA0000-memory.dmp

Filesize
64KB

Download
memory/3156-4-0x00007FFA22360000-0x00007FFA22E21000-memory.dmp

Filesize
10.8MB

Download
memory/3156-5-0x000000001BC90000-0x000000001BCA0000-memory.dmp

Filesize
64KB

Download
memory/3156-6-0x000000001BC90000-0x000000001BCA0000-memory.dmp

Filesize
64KB

Download