e54322776febd82c1c1219cbede4b22fadc10776da7ef98b12bcf27d97e7a1c5

Analysis

max time kernel
94s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 23:30

Target

ad223281fe3ce95a3b65a2e06c43d158.exe
Size

9KB
MD5

ad223281fe3ce95a3b65a2e06c43d158
SHA1

d33a1ca094efe04c4fc708dea15c0ff54abe2e9e
SHA256

e54322776febd82c1c1219cbede4b22fadc10776da7ef98b12bcf27d97e7a1c5
SHA512

a66f23614e13c7f7ffe5c9cadcd13a42156b603c3b17d7f51f43d8838536c446231f02741de766ed9e5c509c58662cbbb36c10d3134a484b59f283cdf0308fb5
SSDEEP

192:xBksuvPY82gQv5F4oTtqeMZZ3j93VnjdwCz838oscrfe:r82l4stqeMdFnhwCYsXcrf

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4112	ad223281fe3ce95a3b65a2e06c43d158.exe

C:\Users\Admin\AppData\Local\Temp\ad223281fe3ce95a3b65a2e06c43d158.exe
"C:\Users\Admin\AppData\Local\Temp\ad223281fe3ce95a3b65a2e06c43d158.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4112

memory/4112-0-0x00000000007F0000-0x00000000007F8000-memory.dmp

Filesize
32KB

Download
memory/4112-1-0x0000000002870000-0x0000000002882000-memory.dmp

Filesize
72KB

Download
memory/4112-2-0x00007FFC13BA0000-0x00007FFC14661000-memory.dmp

Filesize
10.8MB

Download
memory/4112-3-0x00000000029F0000-0x0000000002A2C000-memory.dmp

Filesize
240KB

Download
memory/4112-4-0x000000001B720000-0x000000001B730000-memory.dmp

Filesize
64KB

Download
memory/4112-5-0x00007FFC13BA0000-0x00007FFC14661000-memory.dmp

Filesize
10.8MB

Download
memory/4112-6-0x00007FFC13BA0000-0x00007FFC14661000-memory.dmp

Filesize
10.8MB

Download