db85b6de6afb03036557d2c04e12211bc38f6152ed7d8a90d1f1df0514e62bb1

Analysis

max time kernel
90s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-03-2024 04:14

Target

c26ce3762c4d4892dad69505cfe7d116.exe
Size

9KB
MD5

c26ce3762c4d4892dad69505cfe7d116
SHA1

de05fb2dbd4397a9d0f04a00ab2f5cc61b73b5ea
SHA256

db85b6de6afb03036557d2c04e12211bc38f6152ed7d8a90d1f1df0514e62bb1
SHA512

d1d95741ded530851ca7187c527f2c921e1b920aa90d7be7f3fc0430de4df166e7e97d2333e9ce049b09f6f54e48e17431b9102527677c4041315d4acb2f7999
SSDEEP

192:BBksuPEXVwVzSeMZZ3P93VnjdwCz93Cw:/VwdSeM5FnhwChy

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2760	c26ce3762c4d4892dad69505cfe7d116.exe

C:\Users\Admin\AppData\Local\Temp\c26ce3762c4d4892dad69505cfe7d116.exe
"C:\Users\Admin\AppData\Local\Temp\c26ce3762c4d4892dad69505cfe7d116.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2760

memory/2760-0-0x0000000000B20000-0x0000000000B28000-memory.dmp

Filesize
32KB

Download
memory/2760-1-0x00000000013F0000-0x0000000001402000-memory.dmp

Filesize
72KB

Download
memory/2760-3-0x00007FFD45C90000-0x00007FFD46751000-memory.dmp

Filesize
10.8MB

Download
memory/2760-2-0x0000000002C00000-0x0000000002C3C000-memory.dmp

Filesize
240KB

Download
memory/2760-4-0x000000001B9B0000-0x000000001B9C0000-memory.dmp

Filesize
64KB

Download
memory/2760-5-0x00007FFD45C90000-0x00007FFD46751000-memory.dmp

Filesize
10.8MB

Download
memory/2760-6-0x00007FFD45C90000-0x00007FFD46751000-memory.dmp

Filesize
10.8MB

Download