af309964a65c9f95b6d8b64a50ee6935d74c7aabd5296dabc6ec1807864ee30c

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30/04/2024, 01:28

Target

af309964a65c9f95b6d8b64a50ee6935d74c7aabd5296dabc6ec1807864ee30c.exe
Size

3.3MB
MD5

a95452fbd0c52b2b61720a0ac39d227d
SHA1

619713a7ba226e1e99540d60c00cdf88cfb53548
SHA256

af309964a65c9f95b6d8b64a50ee6935d74c7aabd5296dabc6ec1807864ee30c
SHA512

a831349017328c41e107448952607bf85557326dcfbc51fdcd2ec308c922d44b88568ddcda4f6b338f5006547fc42eb880c72250769509e4aeaed0102e113a7b
SSDEEP

49152:RKFBY+LoY2G/uW16js/+EoETONa4O8b8ITDnl/hFx+/w/3FPfUNDZ4:RoY+LoYLVWE+EoEQfFPfUNF

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1996	af309964a65c9f95b6d8b64a50ee6935d74c7aabd5296dabc6ec1807864ee30c.exe

C:\Users\Admin\AppData\Local\Temp\af309964a65c9f95b6d8b64a50ee6935d74c7aabd5296dabc6ec1807864ee30c.exe
"C:\Users\Admin\AppData\Local\Temp\af309964a65c9f95b6d8b64a50ee6935d74c7aabd5296dabc6ec1807864ee30c.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1996

memory/1996-0-0x0000000000400000-0x0000000000751000-memory.dmp

Filesize
3.3MB

Download
memory/1996-2-0x0000000000230000-0x0000000000297000-memory.dmp

Filesize
412KB

Download
memory/1996-6-0x0000000000230000-0x0000000000297000-memory.dmp

Filesize
412KB

Download
memory/1996-7-0x0000000000230000-0x0000000000297000-memory.dmp

Filesize
412KB

Download
memory/1996-11-0x0000000000400000-0x0000000000751000-memory.dmp

Filesize
3.3MB

Download