9647d12daecee9c151759d7ae31f654ff966a34fd0ec9e8bb4ed488cc8029f0e

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 00:45

Target

9647d12daecee9c151759d7ae31f654ff966a34fd0ec9e8bb4ed488cc8029f0e.exe
Size

702KB
MD5

d26434b5a0d5fd194a99f16ddb5f3f8f
SHA1

120842e485e90d2e366728f5c5b9763f6d1d7f92
SHA256

9647d12daecee9c151759d7ae31f654ff966a34fd0ec9e8bb4ed488cc8029f0e
SHA512

f5e405ef71b0cad0f69e10a6782509093eca9fc013fd04ed9d904039b92dce795d556a779c10a51b4d4a1256dd532e93d1c4b8c73005f929d88655e9129a2d6e
SSDEEP

12288:pSYFz/TTFCrNDFKYmKIiirRGW2phzrvXuayM1J3AAlrAf0d83QC0OXxcpGHMki:VFj38NDFKYmKOF0zr31JwAlcR3QC0OXn

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3024	9647d12daecee9c151759d7ae31f654ff966a34fd0ec9e8bb4ed488cc8029f0e.exe

C:\Users\Admin\AppData\Local\Temp\9647d12daecee9c151759d7ae31f654ff966a34fd0ec9e8bb4ed488cc8029f0e.exe
"C:\Users\Admin\AppData\Local\Temp\9647d12daecee9c151759d7ae31f654ff966a34fd0ec9e8bb4ed488cc8029f0e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3024

memory/3024-0-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/3024-1-0x0000000000230000-0x0000000000297000-memory.dmp

Filesize
412KB

Download
memory/3024-6-0x0000000000230000-0x0000000000297000-memory.dmp

Filesize
412KB

Download
memory/3024-10-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download