c06a5403e056fc7ade2a51d93dce194268b65155f8a1202692302f4bca00539b

Analysis

max time kernel
67s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 01:13

Target

270da7ba03177d793879ddc0272e94a0003e9327298879463693f7b78f199e28.exe
Size

791KB
MD5

4498a75f6f27e3e03a0b14ba933c0a06
SHA1

259d54f92d825925cf87c9057d5d0c47a0c50bfb
SHA256

270da7ba03177d793879ddc0272e94a0003e9327298879463693f7b78f199e28
SHA512

16270ddb916f438bac3c54112ee908ac0ce2c0acf7dc0533f02e6dc49c33a8fb33272aed3e39ce11dbe420fec9ecf577752ed4bd6a203a33630f013ff912fbbf
SSDEEP

12288:PXc87X+bXPXST4Fof1XUhRtK+CVIN2X9yKBg7vj3pz17:PXcH/X4ypoig9yKe/5z17

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

270da7ba03177d793879ddc0272e94a0003e9327298879463693f7b78f199e28.exe

description pid process

Token: SeDebugPrivilege 2556 270da7ba03177d793879ddc0272e94a0003e9327298879463693f7b78f199e28.exe

description	pid	process
Token: SeDebugPrivilege	2556	270da7ba03177d793879ddc0272e94a0003e9327298879463693f7b78f199e28.exe

C:\Users\Admin\AppData\Local\Temp\270da7ba03177d793879ddc0272e94a0003e9327298879463693f7b78f199e28.exe
"C:\Users\Admin\AppData\Local\Temp\270da7ba03177d793879ddc0272e94a0003e9327298879463693f7b78f199e28.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2556

memory/2556-0-0x0000000000DC0000-0x0000000000E8C000-memory.dmp

Filesize
816KB

Download
memory/2556-1-0x0000000075150000-0x0000000075900000-memory.dmp

Filesize
7.7MB

Download
memory/2556-2-0x0000000005E90000-0x0000000006434000-memory.dmp

Filesize
5.6MB

Download
memory/2556-3-0x00000000058E0000-0x0000000005972000-memory.dmp

Filesize
584KB

Download
memory/2556-4-0x0000000005980000-0x0000000005A1C000-memory.dmp

Filesize
624KB

Download
memory/2556-5-0x0000000005820000-0x0000000005830000-memory.dmp

Filesize
64KB

Download
memory/2556-7-0x0000000075150000-0x0000000075900000-memory.dmp

Filesize
7.7MB

Download