08e22447a9d9f9e67582b7a5c123a876a571e2e9499f372437fe72045258d0b7

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
23/04/2024, 01:54

Target

RFQ Quatation.exe
Size

7KB
MD5

5aba94832fba8e4dc329d69e9ec5befd
SHA1

7a6ef62619e75ce9ee573498b0d72ff327e4fb5e
SHA256

2b0164c3ecb22bf4c514feef0f9471ab8a206663a3f3f38fc90a806090989f13
SHA512

7ea50adff5a43369069e7047064ef066915420bcffb97615e5f554a80e6bd1143206c1f48c153e8693a0b93691b3d3409ec9f27fd147072037a62ee9d2d6abc0
SSDEEP

192:zoYaxBtwVV44/7LsL96fwDX1WjSU6HMNiX:z16BtwVO4jLufLkjIMNK

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2240	RFQ Quatation.exe

C:\Users\Admin\AppData\Local\Temp\RFQ Quatation.exe
"C:\Users\Admin\AppData\Local\Temp\RFQ Quatation.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2240

memory/2240-2-0x0000000004BE0000-0x0000000004C72000-memory.dmp

Filesize
584KB

Download
memory/2240-1-0x0000000074520000-0x0000000074CD0000-memory.dmp

Filesize
7.7MB

Download
memory/2240-0-0x0000000000260000-0x0000000000268000-memory.dmp

Filesize
32KB

Download
memory/2240-3-0x0000000004DC0000-0x0000000004DD0000-memory.dmp

Filesize
64KB

Download
memory/2240-4-0x0000000074520000-0x0000000074CD0000-memory.dmp

Filesize
7.7MB

Download
memory/2240-5-0x0000000004DC0000-0x0000000004DD0000-memory.dmp

Filesize
64KB

Download