cf35bb2494d4f140c790651592ecef8afc3086383f860611a3df6025bce9e307

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 01:31

Target

9822e37b127167b7ac8700d5268bc912.exe
Size

9KB
MD5

9822e37b127167b7ac8700d5268bc912
SHA1

c6dced35ac84b9b24e634cbbd013b527515e2578
SHA256

cf35bb2494d4f140c790651592ecef8afc3086383f860611a3df6025bce9e307
SHA512

b36e956e7cecb9a363744110b052690959f6aa294e9efb702080942573646993a6196148109d60699d059e22db65857a75d82affa2a55047ca3b58aec2d64740
SSDEEP

192:FBksuz9MuIK2eMZZ3A93VnjdwqzT3E2TIzK:Klf2eMEFnhwqPU2TIz

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4904	9822e37b127167b7ac8700d5268bc912.exe

C:\Users\Admin\AppData\Local\Temp\9822e37b127167b7ac8700d5268bc912.exe
"C:\Users\Admin\AppData\Local\Temp\9822e37b127167b7ac8700d5268bc912.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4904

memory/4904-0-0x0000000000A50000-0x0000000000A58000-memory.dmp

Filesize
32KB

Download
memory/4904-1-0x00007FFDB8420000-0x00007FFDB8EE1000-memory.dmp

Filesize
10.8MB

Download
memory/4904-2-0x0000000001220000-0x0000000001232000-memory.dmp

Filesize
72KB

Download
memory/4904-3-0x0000000002B70000-0x0000000002BAC000-memory.dmp

Filesize
240KB

Download
memory/4904-4-0x0000000001250000-0x0000000001260000-memory.dmp

Filesize
64KB

Download
memory/4904-5-0x00007FFDB8420000-0x00007FFDB8EE1000-memory.dmp

Filesize
10.8MB

Download
memory/4904-6-0x00007FFDB8420000-0x00007FFDB8EE1000-memory.dmp

Filesize
10.8MB

Download