d1a804b493c3d90e57ce89ca1566e65e8272f62f3d60dd05c35660587e9f7616

Resubmissions

26-03-2024 10:20

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2024 10:20

Target

d1a804b493c3d90e57ce89ca1566e65e8272f62f3d60dd05c35660587e9f7616
Size

6KB
MD5

83dbfc45c0867bd8c7b6f05e879d062d
SHA1

66d83c7b78ce20cd937c28dc2b8c74361d632aad
SHA256

d1a804b493c3d90e57ce89ca1566e65e8272f62f3d60dd05c35660587e9f7616
SHA512

2ca01f1d05205d9516f2a162b063ba08f38b6c75aeb73fafa5a9cb42147d175519bb136d03a05da6008690dd445cf4ed280f886fd08a0abcbdece32beef46f16
SSDEEP

96:35vc9VZY5eYXLJ2L+lSh4CozP/YP9i4NfQv5rkyoRMLxw3QKRkMFWTDcmS:35v2+JdYiCgHm9s5rkJCLx6QKRkFfU

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	940	svchost.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\d1a804b493c3d90e57ce89ca1566e65e8272f62f3d60dd05c35660587e9f7616
1⤵
PID:2752

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:816

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:940

memory/940-0-0x0000020124040000-0x0000020124050000-memory.dmp

Filesize
64KB

Download
memory/940-16-0x0000020124140000-0x0000020124150000-memory.dmp

Filesize
64KB

Download
memory/940-32-0x000002012C440000-0x000002012C441000-memory.dmp

Filesize
4KB

Download
memory/940-34-0x000002012C470000-0x000002012C471000-memory.dmp

Filesize
4KB

Download
memory/940-35-0x000002012C470000-0x000002012C471000-memory.dmp

Filesize
4KB

Download
memory/940-36-0x000002012C580000-0x000002012C581000-memory.dmp

Filesize
4KB

Download