6fd1b34f48682e291b872d9d4bf8e762236ab0c2880153e3ecf136af9c20943e

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/04/2024, 05:08

Target

6fd1b34f48682e291b872d9d4bf8e762236ab0c2880153e3ecf136af9c20943e.exe
Size

2.8MB
MD5

007cba71abb2bafc738462bc7989c912
SHA1

890b54cd9f85a9879484229734b747e73a3c808d
SHA256

6fd1b34f48682e291b872d9d4bf8e762236ab0c2880153e3ecf136af9c20943e
SHA512

23342e708016e19dc8e0339fa387c70b231e40fb5293b53ad7731c7f941f7fb47bd2dffa284a29d96ea3f2edd38e029ce2f7fdd0b37a4f24a40a0e5d60573283
SSDEEP

49152:ytMQjNrDnRa/O4VP0nWft3xl0nsTB2p8NhfySKwzrWny634oerFAeQZuiGCh9lP:6tYOAPzfxTB2ihusvnQZNl8Z

Score

1^/10

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeBackupPrivilege	2244	6fd1b34f48682e291b872d9d4bf8e762236ab0c2880153e3ecf136af9c20943e.exe
Token: SeRestorePrivilege	2244	6fd1b34f48682e291b872d9d4bf8e762236ab0c2880153e3ecf136af9c20943e.exe
Token: 33	2244	6fd1b34f48682e291b872d9d4bf8e762236ab0c2880153e3ecf136af9c20943e.exe
Token: SeIncBasePriorityPrivilege	2244	6fd1b34f48682e291b872d9d4bf8e762236ab0c2880153e3ecf136af9c20943e.exe
Token: 33	2244	6fd1b34f48682e291b872d9d4bf8e762236ab0c2880153e3ecf136af9c20943e.exe
Token: SeIncBasePriorityPrivilege	2244	6fd1b34f48682e291b872d9d4bf8e762236ab0c2880153e3ecf136af9c20943e.exe
Token: 33	2244	6fd1b34f48682e291b872d9d4bf8e762236ab0c2880153e3ecf136af9c20943e.exe
Token: SeIncBasePriorityPrivilege	2244	6fd1b34f48682e291b872d9d4bf8e762236ab0c2880153e3ecf136af9c20943e.exe

C:\Users\Admin\AppData\Local\Temp\6fd1b34f48682e291b872d9d4bf8e762236ab0c2880153e3ecf136af9c20943e.exe
"C:\Users\Admin\AppData\Local\Temp\6fd1b34f48682e291b872d9d4bf8e762236ab0c2880153e3ecf136af9c20943e.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2244