dc7f2949ffa0cd611cc96b1e08b755da1ca9958d78b0c0d72f37dc36642c81bf

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-02-2024 17:11

Target

876f4371f066adecb4e82aabdc2f7115.exe
Size

27KB
MD5

876f4371f066adecb4e82aabdc2f7115
SHA1

563e2d03e87330ee4e74bb2a00edbf3d25823882
SHA256

dc7f2949ffa0cd611cc96b1e08b755da1ca9958d78b0c0d72f37dc36642c81bf
SHA512

3ddfa89f1f427a5ffda37a18fc2a61839e5c0e3284db28a9e4a8fdb76da7fd035e2ba708cbbdd16c50d01e7b1281028c42a685a19ca0bf957a2a3803dd781c2f
SSDEEP

768:/02TqSHeNCwlLiU7Ok5316sJ6CunyfshA1:M2eYeAwlWQH5PJtuyfJ1

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3592	876f4371f066adecb4e82aabdc2f7115.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 4764	3592	876f4371f066adecb4e82aabdc2f7115.exe	83
PID 3592 wrote to memory of 4764	3592	876f4371f066adecb4e82aabdc2f7115.exe	83
PID 3592 wrote to memory of 4764	3592	876f4371f066adecb4e82aabdc2f7115.exe	83
PID 4764 wrote to memory of 4360	4764	net.exe	85
PID 4764 wrote to memory of 4360	4764	net.exe	85
PID 4764 wrote to memory of 4360	4764	net.exe	85

memory/3592-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3592-1-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3592-2-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download
memory/3592-3-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3592-4-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download