3556f33f094f4645cc9196b4d88026d39c00c61027c85b45faecd8de69fec1d7

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-02-2024 06:17

Target

98b098261544e379f08ec21c3cbc1975.exe
Size

9KB
MD5

98b098261544e379f08ec21c3cbc1975
SHA1

fb3bf8d57d6e0fd4bc3b76d6ea89a49a650b4e93
SHA256

3556f33f094f4645cc9196b4d88026d39c00c61027c85b45faecd8de69fec1d7
SHA512

74982b7716dbe4b10b5f4241aa28e6ab829d4f22c58c48ab47ce827be627fbfb78ab5d0968f02eddf8b2735fd45774d6833ce70d72b9b2bd6a70324a39902cc6
SSDEEP

192:6BksuHEXVwVcneMZZ3sf93VnjdwCzZ3wvWgO:iVwCneMEFnhwCVgv9

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	64	98b098261544e379f08ec21c3cbc1975.exe

C:\Users\Admin\AppData\Local\Temp\98b098261544e379f08ec21c3cbc1975.exe
"C:\Users\Admin\AppData\Local\Temp\98b098261544e379f08ec21c3cbc1975.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:64

memory/64-0-0x0000000000D40000-0x0000000000D48000-memory.dmp

Filesize
32KB

Download
memory/64-1-0x00007FFD48E80000-0x00007FFD49941000-memory.dmp

Filesize
10.8MB

Download
memory/64-2-0x0000000002DC0000-0x0000000002DD2000-memory.dmp

Filesize
72KB

Download
memory/64-3-0x000000001B870000-0x000000001B8AC000-memory.dmp

Filesize
240KB

Download
memory/64-4-0x000000001BBC0000-0x000000001BBD0000-memory.dmp

Filesize
64KB

Download
memory/64-5-0x00007FFD48E80000-0x00007FFD49941000-memory.dmp

Filesize
10.8MB

Download
memory/64-6-0x00007FFD48E80000-0x00007FFD49941000-memory.dmp

Filesize
10.8MB

Download