ccc209e453683bf8a4f7333eb27a69fbd8d0bdc235a27c508e303d4776de665a

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 08:14

Target

d5a1c6d467b8202139a97e2cf92bb3d2.exe
Size

9KB
MD5

d5a1c6d467b8202139a97e2cf92bb3d2
SHA1

e217f07509aeba06b30b413c256e89ac9b6eb5fc
SHA256

ccc209e453683bf8a4f7333eb27a69fbd8d0bdc235a27c508e303d4776de665a
SHA512

70aa463f37c282d8c1946ef18e31f2d63724e35783b3a5146e75abbbf24bb278a96c1b7a73327e77f73ac2c4970766eaa2f7dba279f164f647248b500f3d0f50
SSDEEP

192:OBksuXzHNQKBeMZZ3n93VnjdwqzQ3qeYH:BHdBeMBFnhwq8aeY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2180	d5a1c6d467b8202139a97e2cf92bb3d2.exe

C:\Users\Admin\AppData\Local\Temp\d5a1c6d467b8202139a97e2cf92bb3d2.exe
"C:\Users\Admin\AppData\Local\Temp\d5a1c6d467b8202139a97e2cf92bb3d2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2180

memory/2180-0-0x0000000000470000-0x0000000000478000-memory.dmp

Filesize
32KB

Download
memory/2180-1-0x00007FFCED8A0000-0x00007FFCEE361000-memory.dmp

Filesize
10.8MB

Download
memory/2180-2-0x0000000000D40000-0x0000000000D52000-memory.dmp

Filesize
72KB

Download
memory/2180-3-0x0000000000DE0000-0x0000000000E1C000-memory.dmp

Filesize
240KB

Download
memory/2180-4-0x000000001B230000-0x000000001B240000-memory.dmp

Filesize
64KB

Download
memory/2180-5-0x00007FFCED8A0000-0x00007FFCEE361000-memory.dmp

Filesize
10.8MB

Download
memory/2180-6-0x000000001B230000-0x000000001B240000-memory.dmp

Filesize
64KB

Download
memory/2180-7-0x00007FFCED8A0000-0x00007FFCEE361000-memory.dmp

Filesize
10.8MB

Download