9f7cd187fb3fd3727820d9a77979476ed9c3e8d27db4b41a1cae8d0de26c00db

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 17:40

Target

d6ba0bc1ed10ae4a790ee1e23e176bce.exe
Size

9KB
MD5

d6ba0bc1ed10ae4a790ee1e23e176bce
SHA1

bd6d486612793994a6d5eec274c139c8c3d873f4
SHA256

9f7cd187fb3fd3727820d9a77979476ed9c3e8d27db4b41a1cae8d0de26c00db
SHA512

01b5b02dfdd36be0e20b4e557386c036e9e6b64692c2ecdd4aa046ed4cc3da040d9e03682897cea3f24724e6344519f57a8e4f9c4240aba27424ad2842f3f9b9
SSDEEP

192:lVBksu/EXVwVgieMZZ3H93VnjdwCzF3ftgz:ljVwGieMxFnhwCxPtg

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3880	d6ba0bc1ed10ae4a790ee1e23e176bce.exe

C:\Users\Admin\AppData\Local\Temp\d6ba0bc1ed10ae4a790ee1e23e176bce.exe
"C:\Users\Admin\AppData\Local\Temp\d6ba0bc1ed10ae4a790ee1e23e176bce.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3880

memory/3880-0-0x0000000000320000-0x0000000000328000-memory.dmp

Filesize
32KB

Download
memory/3880-1-0x000000001ADA0000-0x000000001ADB2000-memory.dmp

Filesize
72KB

Download
memory/3880-2-0x00007FF969870000-0x00007FF96A331000-memory.dmp

Filesize
10.8MB

Download
memory/3880-3-0x000000001AE00000-0x000000001AE3C000-memory.dmp

Filesize
240KB

Download
memory/3880-4-0x000000001ADD0000-0x000000001ADE0000-memory.dmp

Filesize
64KB

Download
memory/3880-5-0x00007FF969870000-0x00007FF96A331000-memory.dmp

Filesize
10.8MB

Download
memory/3880-6-0x00007FF969870000-0x00007FF96A331000-memory.dmp

Filesize
10.8MB

Download