6f2062cf77ff652c364e9ef05ebccd24aa35c317b63e0bde3a33b0e480e70410

Analysis

max time kernel
93s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/02/2024, 10:52

Target

payment pdf.exe
Size

678KB
MD5

600803e9da620b4f9a0a54cdad882529
SHA1

5c444b2d2b1fba4ecdf494b191bcb9a0cd3f16be
SHA256

6f2062cf77ff652c364e9ef05ebccd24aa35c317b63e0bde3a33b0e480e70410
SHA512

c7d3950b2fd47708f7bfabb33d8ab1b0c2bd1fdab014d10a6eb161fff5b8b2f83d649ab0d474f9187e7b8340b7e312608a3fe2c7b5be7b28803f26db2d0b88bc
SSDEEP

12288:8UqBI7ZmO9GL3wGllh50elrQTy5GlE48:8M1mOALDHlrQTCGC48

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3556	payment pdf.exe

C:\Users\Admin\AppData\Local\Temp\payment pdf.exe
"C:\Users\Admin\AppData\Local\Temp\payment pdf.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3556

memory/3556-1-0x0000000074E60000-0x0000000075610000-memory.dmp

Filesize
7.7MB

Download
memory/3556-0-0x0000000000400000-0x00000000004B0000-memory.dmp

Filesize
704KB

Download
memory/3556-2-0x00000000049D0000-0x0000000004A6C000-memory.dmp

Filesize
624KB

Download
memory/3556-3-0x0000000004B10000-0x0000000004BA2000-memory.dmp

Filesize
584KB

Download
memory/3556-4-0x0000000004CF0000-0x0000000004D00000-memory.dmp

Filesize
64KB

Download
memory/3556-6-0x0000000074E60000-0x0000000075610000-memory.dmp

Filesize
7.7MB

Download