19aa9ee2b4b5ebea35f178b976a629466dca77d42d1bb7a6a33276cbf09dac19

Analysis

max time kernel
150s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-03-2024 14:27

Target

bc09690e792cfa432e6d04ab74c6b17d.exe
Size

9KB
MD5

bc09690e792cfa432e6d04ab74c6b17d
SHA1

c5364d831d79b2d80dcac390db19b8df5d4e966b
SHA256

19aa9ee2b4b5ebea35f178b976a629466dca77d42d1bb7a6a33276cbf09dac19
SHA512

b211ee23813dcf6a76cddf4f4a6ccc0aea821f1ecd2ca07cb43328acc16c78af67dae4e11e773944d77b7b27c1f7d20e1a0296c92b91891b3631808ffe19f751
SSDEEP

192:gBksuDzHNQyHleMZZ3L93VnjdwqzVh3jL7o:7HDleM9FnhwqBh37

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3672	bc09690e792cfa432e6d04ab74c6b17d.exe

C:\Users\Admin\AppData\Local\Temp\bc09690e792cfa432e6d04ab74c6b17d.exe
"C:\Users\Admin\AppData\Local\Temp\bc09690e792cfa432e6d04ab74c6b17d.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3672

memory/3672-0-0x0000000000490000-0x0000000000498000-memory.dmp

Filesize
32KB

Download
memory/3672-1-0x00007FFEEED70000-0x00007FFEEF831000-memory.dmp

Filesize
10.8MB

Download
memory/3672-2-0x0000000002530000-0x0000000002542000-memory.dmp

Filesize
72KB

Download
memory/3672-3-0x000000001AF70000-0x000000001AFAC000-memory.dmp

Filesize
240KB

Download
memory/3672-4-0x000000001B3A0000-0x000000001B3B0000-memory.dmp

Filesize
64KB

Download
memory/3672-5-0x00007FFEEED70000-0x00007FFEEF831000-memory.dmp

Filesize
10.8MB

Download
memory/3672-6-0x000000001B3A0000-0x000000001B3B0000-memory.dmp

Filesize
64KB

Download
memory/3672-7-0x00007FFEEED70000-0x00007FFEEF831000-memory.dmp

Filesize
10.8MB

Download