8019ebd0ce0d34f855fe08e7fc0860208eec6f048459f947e2b16ca776240555

Analysis

max time kernel
12s
max time network
15s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22/02/2024, 17:48 UTC

Target

RPC_Dumper.exe
Size

1.5MB
MD5

ec60980742196d8dd77df142aaa8a647
SHA1

e56362ca6c1fdc8697c67590c4ad8db32b3c3baf
SHA256

8019ebd0ce0d34f855fe08e7fc0860208eec6f048459f947e2b16ca776240555
SHA512

8570f40a15e41faeba05b5de1122f1ddabeb3d58b93676428947b1a9795ca2dbb050af65b47c28607592946e61ed432a835d7accebc5d5f9a1e802c8fbd061df
SSDEEP

24576:wwcyIwg5lwkRdq3a+n7v03TminUkgQYUbkcK+Ca9jm9Z089TFfvVkxQKW3:wwGSkG3Bn783vSskc/+yOTFcQ

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2484	RPC_Dumper.exe

C:\Users\Admin\AppData\Local\Temp\RPC_Dumper.exe
"C:\Users\Admin\AppData\Local\Temp\RPC_Dumper.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2484

memory/2484-0-0x0000000000D60000-0x0000000000EEA000-memory.dmp

Filesize
1.5MB

Download
memory/2484-1-0x00000000745F0000-0x0000000074CDE000-memory.dmp

Filesize
6.9MB

Download
memory/2484-2-0x0000000004990000-0x00000000049D0000-memory.dmp

Filesize
256KB

Download
memory/2484-3-0x0000000004E10000-0x0000000004F36000-memory.dmp

Filesize
1.1MB

Download
memory/2484-4-0x00000000745F0000-0x0000000074CDE000-memory.dmp

Filesize
6.9MB

Download