83651278d52f4448010efb3fc9b52c8cdcf8f80db550527666f91e9c36a1e987

Analysis

max time kernel
148s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 11:08

Target

c06fcab49ceed7d083d52e9fb52e3f04.exe
Size

9KB
MD5

c06fcab49ceed7d083d52e9fb52e3f04
SHA1

fa6bfeac335b2f34c6f774fde42193611251d64f
SHA256

83651278d52f4448010efb3fc9b52c8cdcf8f80db550527666f91e9c36a1e987
SHA512

1511d960c509ce598b76b24ea4e54b59858261cf306e9b74124462660c5b3689a73ad3fa866de4fa520f15e9c1d1ac51683c578421f844950825aa2b4e6f4d77
SSDEEP

192:bBksu/EXVwV/FeMZZ3m93VnjdwCzA3AOU:JVwtFeMSFnhwCMwO

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1956	c06fcab49ceed7d083d52e9fb52e3f04.exe

C:\Users\Admin\AppData\Local\Temp\c06fcab49ceed7d083d52e9fb52e3f04.exe
"C:\Users\Admin\AppData\Local\Temp\c06fcab49ceed7d083d52e9fb52e3f04.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1956

memory/1956-0-0x0000000000B50000-0x0000000000B58000-memory.dmp

Filesize
32KB

Download
memory/1956-1-0x0000000002BD0000-0x0000000002BE2000-memory.dmp

Filesize
72KB

Download
memory/1956-2-0x0000000002D40000-0x0000000002D7C000-memory.dmp

Filesize
240KB

Download
memory/1956-3-0x00007FFD239C0000-0x00007FFD24481000-memory.dmp

Filesize
10.8MB

Download
memory/1956-4-0x000000001B8E0000-0x000000001B8F0000-memory.dmp

Filesize
64KB

Download
memory/1956-5-0x00007FFD239C0000-0x00007FFD24481000-memory.dmp

Filesize
10.8MB

Download
memory/1956-6-0x00007FFD239C0000-0x00007FFD24481000-memory.dmp

Filesize
10.8MB

Download