f089621fa865a1406a660945a8376953b51dee4e39b1d7cde0ca17b27a0ac7eb

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 20:11

Target

d703b3cc46820009bb6c4ab14666ea9e.exe
Size

1.1MB
MD5

d703b3cc46820009bb6c4ab14666ea9e
SHA1

d4180c699f8f7fc340854dcb66cbb37c7b7584cd
SHA256

f089621fa865a1406a660945a8376953b51dee4e39b1d7cde0ca17b27a0ac7eb
SHA512

a5b8f8af1b55b6c102e22d386cd637c56951284ca31310e9adb0c45464e20b83306e082ef4b395302e1b0f7c6e9d86477284bdde0f7605d96239f2619c3b3530
SSDEEP

12288:kZZLnAQUNkJfqwybQsLhBN9aTom5OusQyh3jNMhI4iZN3i62O:0nkkAhf9aTXEuswi5Z9i6h

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1696	d703b3cc46820009bb6c4ab14666ea9e.exe

C:\Users\Admin\AppData\Local\Temp\d703b3cc46820009bb6c4ab14666ea9e.exe
"C:\Users\Admin\AppData\Local\Temp\d703b3cc46820009bb6c4ab14666ea9e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1696

memory/1696-0-0x0000000000460000-0x000000000057A000-memory.dmp

Filesize
1.1MB

Download
memory/1696-1-0x0000000074B70000-0x0000000075320000-memory.dmp

Filesize
7.7MB

Download
memory/1696-2-0x00000000055E0000-0x0000000005B84000-memory.dmp

Filesize
5.6MB

Download
memory/1696-3-0x0000000004F60000-0x0000000004FF2000-memory.dmp

Filesize
584KB

Download
memory/1696-4-0x0000000005030000-0x0000000005384000-memory.dmp

Filesize
3.3MB

Download
memory/1696-5-0x00000000060C0000-0x00000000065EC000-memory.dmp

Filesize
5.2MB

Download
memory/1696-6-0x0000000005460000-0x00000000054FC000-memory.dmp

Filesize
624KB

Download
memory/1696-7-0x0000000005500000-0x0000000005510000-memory.dmp

Filesize
64KB

Download
memory/1696-8-0x0000000074B70000-0x0000000075320000-memory.dmp

Filesize
7.7MB

Download
memory/1696-9-0x0000000005500000-0x0000000005510000-memory.dmp

Filesize
64KB

Download