3607dd6c8fb151afa9664b27b8adf35bb601be0e4a64617370a5ba06e10bf097

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 04:08

Target

ada6b1cb6a8a1b757e199b058f4dff84.exe
Size

9KB
MD5

ada6b1cb6a8a1b757e199b058f4dff84
SHA1

e173fb2ba33a2044595b565b4e6002eb8a7b36db
SHA256

3607dd6c8fb151afa9664b27b8adf35bb601be0e4a64617370a5ba06e10bf097
SHA512

69e1c5471a52de2a5b352ac3440e108256b4634243f9f3a32e7a6a230931c899a496bce6a7b5d723ba29943bb899da07b1094e311fadc155c6d5c254aee06d7f
SSDEEP

192:DBksuvPY82gQv5F48BtYeMZZ3N93VnjdwCzn3t4a0Ce:F82l4GtYeMvFnhwCr947C

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4956	ada6b1cb6a8a1b757e199b058f4dff84.exe

C:\Users\Admin\AppData\Local\Temp\ada6b1cb6a8a1b757e199b058f4dff84.exe
"C:\Users\Admin\AppData\Local\Temp\ada6b1cb6a8a1b757e199b058f4dff84.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4956

memory/4956-0-0x0000000000710000-0x0000000000718000-memory.dmp

Filesize
32KB

Download
memory/4956-1-0x00000000028A0000-0x00000000028B2000-memory.dmp

Filesize
72KB

Download
memory/4956-3-0x00007FFAC3E60000-0x00007FFAC4921000-memory.dmp

Filesize
10.8MB

Download
memory/4956-2-0x0000000002A20000-0x0000000002A5C000-memory.dmp

Filesize
240KB

Download
memory/4956-4-0x000000001B4B0000-0x000000001B4C0000-memory.dmp

Filesize
64KB

Download
memory/4956-5-0x00007FFAC3E60000-0x00007FFAC4921000-memory.dmp

Filesize
10.8MB

Download
memory/4956-6-0x00007FFAC3E60000-0x00007FFAC4921000-memory.dmp

Filesize
10.8MB

Download