c4cdaa6cfc97a3ba8c70fe676cbcf5fa2280a616aad83b51f587d57f1764e7e0

Analysis

max time kernel
192s
max time network
259s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2024 20:16

Target

PaintDotNet.exe
Size

2.0MB
MD5

da11080e76aa6f6ddaf949dacdf91695
SHA1

17739eade33984b9f7728c9e8014f4cb7d09f98f
SHA256

e1db30ca7b39d386225b19be53bbf045247c0565072024c9fae2457f256c8a85
SHA512

7a13913fd3e28fe1642a439e9a4d9cb5516bce6fd0068aeecb29af1000b98a70fd02e4cc103aed3f3831c75fbb2d73b9027fbc80daf56c469c76e90861afb41a
SSDEEP

24576:J/HykHxgVwLB5ziKE+t6LR15OXdvJd2C5O49e5wY8hh:dwcBxiKET4bd2C5f

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

PaintDotNet.exe

description pid process

Token: SeDebugPrivilege 1488 PaintDotNet.exe

description	pid	process
Token: SeDebugPrivilege	1488	PaintDotNet.exe

C:\Users\Admin\AppData\Local\Temp\PaintDotNet.exe
"C:\Users\Admin\AppData\Local\Temp\PaintDotNet.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1488

memory/1488-0-0x0000025143490000-0x0000025143698000-memory.dmp

Filesize
2.0MB

Download
memory/1488-1-0x000002515DBF0000-0x000002515DC88000-memory.dmp

Filesize
608KB

Download
memory/1488-2-0x000002515DEF0000-0x000002515E0F2000-memory.dmp

Filesize
2.0MB

Download
memory/1488-4-0x00007FF8C61F0000-0x00007FF8C6CB1000-memory.dmp

Filesize
10.8MB

Download
memory/1488-5-0x000002515E100000-0x000002515E1FC000-memory.dmp

Filesize
1008KB

Download
memory/1488-3-0x000002515DCE0000-0x000002515DDD0000-memory.dmp

Filesize
960KB

Download
memory/1488-6-0x000002515DCB0000-0x000002515DCC0000-memory.dmp

Filesize
64KB

Download
memory/1488-7-0x00007FF8C61F0000-0x00007FF8C6CB1000-memory.dmp

Filesize
10.8MB

Download