24d5c9ddb3714a4c9241358d30501a24d180c93b4fcd7c0ff9f5c1cd3c8a16b1

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 19:55

Target

a29e4276f1204c5f7430088f07205262.exe
Size

9KB
MD5

a29e4276f1204c5f7430088f07205262
SHA1

0c9b4012fd8e505d2f6fb6ead6ac01329f6b3a02
SHA256

24d5c9ddb3714a4c9241358d30501a24d180c93b4fcd7c0ff9f5c1cd3c8a16b1
SHA512

ff8ba4501fc9634537c021813497030efe4fd22fd055b1e14b70ab393db419bd6d1585fe78f0c965f65437e09a8ca27195690ca0d19ff0327d045171d757d940
SSDEEP

192:kBksuPzHNQO8eMZZ3Ra93Vnjdwqzc39dH:LHV8eMV6Fnhwqgtd

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4444	a29e4276f1204c5f7430088f07205262.exe

C:\Users\Admin\AppData\Local\Temp\a29e4276f1204c5f7430088f07205262.exe
"C:\Users\Admin\AppData\Local\Temp\a29e4276f1204c5f7430088f07205262.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4444

memory/4444-0-0x0000000000050000-0x0000000000058000-memory.dmp

Filesize
32KB

Download
memory/4444-1-0x00007FFAEE500000-0x00007FFAEEFC1000-memory.dmp

Filesize
10.8MB

Download
memory/4444-2-0x0000000000820000-0x0000000000832000-memory.dmp

Filesize
72KB

Download
memory/4444-3-0x0000000000880000-0x00000000008BC000-memory.dmp

Filesize
240KB

Download
memory/4444-4-0x000000001AF70000-0x000000001AF80000-memory.dmp

Filesize
64KB

Download
memory/4444-5-0x00007FFAEE500000-0x00007FFAEEFC1000-memory.dmp

Filesize
10.8MB

Download
memory/4444-6-0x000000001AF70000-0x000000001AF80000-memory.dmp

Filesize
64KB

Download
memory/4444-7-0x00007FFAEE500000-0x00007FFAEEFC1000-memory.dmp

Filesize
10.8MB

Download