22ba67deee2d61707e126c3a09dc57bf86388a82b847a2366ac53114ff10630a

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 15:11

Target

22ba67deee2d61707e126c3a09dc57bf86388a82b847a2366ac53114ff10630a.exe
Size

1.7MB
MD5

8b8d0fde81c5eff9aa23ccf61a4d9940
SHA1

832b90f739bd265b1b5e03bf67d0e2af411acf24
SHA256

22ba67deee2d61707e126c3a09dc57bf86388a82b847a2366ac53114ff10630a
SHA512

bfd5d8388a455bf8f07cb643639618806ceb6acebcaf2990b69fbdfc01d9f0c133a1740b1b57f611fc01f81075ccc74460b6e23cbbcac3fa42e1f6be32abc336
SSDEEP

12288:RF7nYaFffH7nF65PYS7cNHV1GHBbXc3ydRCYeeSIwCmo7JmJVFT:fP0TcmBbM3+hebdf

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2936	22ba67deee2d61707e126c3a09dc57bf86388a82b847a2366ac53114ff10630a.exe

C:\Users\Admin\AppData\Local\Temp\22ba67deee2d61707e126c3a09dc57bf86388a82b847a2366ac53114ff10630a.exe
"C:\Users\Admin\AppData\Local\Temp\22ba67deee2d61707e126c3a09dc57bf86388a82b847a2366ac53114ff10630a.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2936

memory/2936-0-0x0000000001C40000-0x0000000001CA0000-memory.dmp

Filesize
384KB

Download
memory/2936-1-0x0000000140000000-0x00000001402A4000-memory.dmp

Filesize
2.6MB

Download
memory/2936-7-0x0000000001C40000-0x0000000001CA0000-memory.dmp

Filesize
384KB

Download
memory/2936-8-0x0000000001C40000-0x0000000001CA0000-memory.dmp

Filesize
384KB

Download
memory/2936-10-0x0000000001C40000-0x0000000001CA0000-memory.dmp

Filesize
384KB

Download
memory/2936-12-0x0000000140000000-0x00000001402A4000-memory.dmp

Filesize
2.6MB

Download