15552c8898e571ffb3aa866a64a4069f310fd25d047d6f7c362272cdfd8a208d

Analysis

max time kernel
147s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 01:19

Target

aaa3b94088b7a8a8c8ad55511c77bb63.exe
Size

305KB
MD5

aaa3b94088b7a8a8c8ad55511c77bb63
SHA1

6bebe8d18a31fbcedc46754bc17ff8e0cc9c1ca9
SHA256

15552c8898e571ffb3aa866a64a4069f310fd25d047d6f7c362272cdfd8a208d
SHA512

6ee1f188b3195ea0947963b67feceed9791c78b3db947713771d25909331be52b7cfc4a55bdd11ad4d446b71dc1aa9204f4c75747931dba29535d18c9ff3ad28
SSDEEP

3072:IRlTYr2Ac/lqTeZi3NsBOZGNP4ofJ2xy8eK2PmqFfVRU7POjGBUgZnFwv7PTo9tJ:ElFqTZN8RO3v2PmCMmGBtZ87reva68o

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4172	aaa3b94088b7a8a8c8ad55511c77bb63.exe

C:\Users\Admin\AppData\Local\Temp\aaa3b94088b7a8a8c8ad55511c77bb63.exe
"C:\Users\Admin\AppData\Local\Temp\aaa3b94088b7a8a8c8ad55511c77bb63.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4172

memory/4172-0-0x00007FFE11010000-0x00007FFE119B1000-memory.dmp

Filesize
9.6MB

Download
memory/4172-1-0x000000001B3A0000-0x000000001B446000-memory.dmp

Filesize
664KB

Download
memory/4172-2-0x00007FFE11010000-0x00007FFE119B1000-memory.dmp

Filesize
9.6MB

Download
memory/4172-4-0x0000000000EB0000-0x0000000000EC0000-memory.dmp

Filesize
64KB

Download
memory/4172-5-0x00007FFE11010000-0x00007FFE119B1000-memory.dmp

Filesize
9.6MB

Download