ef8405b88881c0d5ef6ee3905c1b87671218d8261292944b1da5a3c9e7d198ce

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 17:17

Target

bc5e122ddfdceb0d4bf4363b5880552f.exe
Size

192KB
MD5

bc5e122ddfdceb0d4bf4363b5880552f
SHA1

6aeb31eeba0039bc6756916a8901f4e972761f06
SHA256

ef8405b88881c0d5ef6ee3905c1b87671218d8261292944b1da5a3c9e7d198ce
SHA512

c7402a9d70c5c26a3f85710f3eb248569aa721ee330a4a50f60f6da8b9a3272111523c61d614a50bbd99f24038059a3a251833470e97946664848419f044a88e
SSDEEP

3072:12ODtQIWo9QFrQZEW6qn3huAQBY/kfXrHVas/8/6wlZ5SRISHFErw:MODaO+F1gUAEBXTlJwlr

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2396	bc5e122ddfdceb0d4bf4363b5880552f.exe

C:\Users\Admin\AppData\Local\Temp\bc5e122ddfdceb0d4bf4363b5880552f.exe
"C:\Users\Admin\AppData\Local\Temp\bc5e122ddfdceb0d4bf4363b5880552f.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2396

memory/2396-0-0x00000000003E0000-0x0000000000416000-memory.dmp

Filesize
216KB

Download
memory/2396-2-0x000007FEF5AB0000-0x000007FEF649C000-memory.dmp

Filesize
9.9MB

Download
memory/2396-1-0x00000000003D0000-0x00000000003D6000-memory.dmp

Filesize
24KB

Download
memory/2396-3-0x000000001ACE0000-0x000000001AD60000-memory.dmp

Filesize
512KB

Download
memory/2396-4-0x0000000000420000-0x0000000000444000-memory.dmp

Filesize
144KB

Download
memory/2396-5-0x0000000000440000-0x0000000000446000-memory.dmp

Filesize
24KB

Download
memory/2396-6-0x000007FEF5AB0000-0x000007FEF649C000-memory.dmp

Filesize
9.9MB

Download