da2df2fafb1ac63ea81c6d0082a94482b1177a7e34cf4f811d242ef058addc6e

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 19:15

Target

b5778847ecb28e5d3fb8e66f6ed04334.exe
Size

9KB
MD5

b5778847ecb28e5d3fb8e66f6ed04334
SHA1

b2939cbaf61ed45b0350b5c6a1dff56c0780030f
SHA256

da2df2fafb1ac63ea81c6d0082a94482b1177a7e34cf4f811d242ef058addc6e
SHA512

aa5c65d720b54e26a45197c1a77770b38ea21382c0fbf2aba078d2dcae20a24349d7397fea43675c843dbbaae170eac64b4ab98adf507a802cdf789aac93c734
SSDEEP

192:jBksunPY82gQv5F4nt0eMZZ3l93VnjdwCz53Ey1:d82l4nt0eMvFnhwCt1

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4548	b5778847ecb28e5d3fb8e66f6ed04334.exe

C:\Users\Admin\AppData\Local\Temp\b5778847ecb28e5d3fb8e66f6ed04334.exe
"C:\Users\Admin\AppData\Local\Temp\b5778847ecb28e5d3fb8e66f6ed04334.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4548

memory/4548-0-0x0000000000370000-0x0000000000378000-memory.dmp

Filesize
32KB

Download
memory/4548-1-0x00007FFC357D0000-0x00007FFC36291000-memory.dmp

Filesize
10.8MB

Download
memory/4548-2-0x00000000024F0000-0x0000000002502000-memory.dmp

Filesize
72KB

Download
memory/4548-3-0x000000001AE70000-0x000000001AEAC000-memory.dmp

Filesize
240KB

Download
memory/4548-4-0x000000001B150000-0x000000001B160000-memory.dmp

Filesize
64KB

Download
memory/4548-5-0x00007FFC357D0000-0x00007FFC36291000-memory.dmp

Filesize
10.8MB

Download
memory/4548-6-0x00007FFC357D0000-0x00007FFC36291000-memory.dmp

Filesize
10.8MB

Download