c8d1835d63581b79a9ff6832c4e8996f608d5c8044e8a1791edaa105ca39faec

Analysis

max time kernel
92s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 08:51

Target

c8d1835d63581b79a9ff6832c4e8996f608d5c8044e8a1791edaa105ca39faec.exe
Size

706KB
MD5

ac8113c5f1f7473c6521942e3f2347fb
SHA1

7582aa3d51b5758600f895e8cfc67863ba7555b0
SHA256

c8d1835d63581b79a9ff6832c4e8996f608d5c8044e8a1791edaa105ca39faec
SHA512

b87d8cb83de466d036b9c67e1c6897ed98941d995eadbe66f430647b5f67e0fc92f490a74a15a77981c3eb3414a69c0a5703d9d5665f307004cf7b923d905b85
SSDEEP

12288:WWiB+tdQVe/T4acOcTl0rYA1Tl99X8VfxqldKmJT6rakGBTnbA/OiRytS:WWiBTIwHT+ZNXgf0fRJGWkgnk/OY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	712	c8d1835d63581b79a9ff6832c4e8996f608d5c8044e8a1791edaa105ca39faec.exe

C:\Users\Admin\AppData\Local\Temp\c8d1835d63581b79a9ff6832c4e8996f608d5c8044e8a1791edaa105ca39faec.exe
"C:\Users\Admin\AppData\Local\Temp\c8d1835d63581b79a9ff6832c4e8996f608d5c8044e8a1791edaa105ca39faec.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:712

memory/712-0-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/712-1-0x0000000002300000-0x0000000002367000-memory.dmp

Filesize
412KB

Download
memory/712-7-0x0000000002300000-0x0000000002367000-memory.dmp

Filesize
412KB

Download
memory/712-6-0x0000000002300000-0x0000000002367000-memory.dmp

Filesize
412KB

Download
memory/712-12-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download