82e560a078cd7bb4472d5af832a04c4bc8f1001bac97b1574efe9863d3f66550

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2024 20:54

Target

builder.exe
Size

121KB
MD5

5dfa998f62612e10d5d28d26948dd50f
SHA1

05618b47ccf5aba595fba60feb30969b5500abb3
SHA256

4fa565cc2ebfe97b996786facdb454e4328a28792e27e80e8b46fe24b44781af
SHA512

83a0f6b9b43d88ea704f0d006937e020a2dd7c207bc84937d2ca6d80f808b0b583a555082eb529c902f2194cb872a23d5666302908f3ed0418f061e50c56defa
SSDEEP

3072:FGLXPggYI4tRE/UAhW9SOsRHor5bHVZ3D1Lowg0p53NTz0cKzWZH28wjJ5Pq+ZoR:F2XIgYxZxPT53NjK2H6PSDlu9sYtC0gF

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

svchost.exe

description pid process

Token: SeManageVolumePrivilege 3884 svchost.exe

description	pid	process
Token: SeManageVolumePrivilege	3884	svchost.exe

C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
1⤵
PID:1616

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3700

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3884

memory/3884-0-0x00000175CED40000-0x00000175CED50000-memory.dmp

Filesize
64KB

Download
memory/3884-16-0x00000175CEE40000-0x00000175CEE50000-memory.dmp

Filesize
64KB

Download
memory/3884-32-0x00000175D7140000-0x00000175D7141000-memory.dmp

Filesize
4KB

Download
memory/3884-34-0x00000175D7170000-0x00000175D7171000-memory.dmp

Filesize
4KB

Download
memory/3884-35-0x00000175D7170000-0x00000175D7171000-memory.dmp

Filesize
4KB

Download
memory/3884-36-0x00000175D7280000-0x00000175D7281000-memory.dmp

Filesize
4KB

Download