b7b0187a36b890b9275c80fe5a3d10f5529fbf0e74cf0a98d6ee06926d9ca114

Analysis

max time kernel
137s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 19:02

Target

083084b22e2099731ee3e011cec78990_NEAS.exe
Size

116KB
MD5

083084b22e2099731ee3e011cec78990
SHA1

4471e4d7a9dd818423faf09e6421ddaec67b0fdf
SHA256

b7b0187a36b890b9275c80fe5a3d10f5529fbf0e74cf0a98d6ee06926d9ca114
SHA512

81e1ac7a44f28a1ab6fdc84a8343989145d39a8d93c678382392d82f95bb8fc9e85faa033ac06f5d27dc3e1a960c4843b01aa8c699760e701a358818c0ec52ee
SSDEEP

1536:21v3lYAL15xqZR/+Y+zeeEm2U6v+6CKe6tGdd5HEqwAl4qaooS7t769ioo//XG2R:pABTYmiOQLfGH5pldRoSh763oH4e

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2680	083084b22e2099731ee3e011cec78990_NEAS.exe

C:\Users\Admin\AppData\Local\Temp\083084b22e2099731ee3e011cec78990_NEAS.exe
"C:\Users\Admin\AppData\Local\Temp\083084b22e2099731ee3e011cec78990_NEAS.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2680

memory/2680-0-0x0000000074D2E000-0x0000000074D2F000-memory.dmp

Filesize
4KB

Download
memory/2680-1-0x0000000000AA0000-0x0000000000AC4000-memory.dmp

Filesize
144KB

Download
memory/2680-2-0x0000000074D20000-0x00000000754D0000-memory.dmp

Filesize
7.7MB

Download
memory/2680-3-0x0000000074D20000-0x00000000754D0000-memory.dmp

Filesize
7.7MB

Download
memory/2680-4-0x00000000055D0000-0x00000000055D6000-memory.dmp

Filesize
24KB

Download
memory/2680-5-0x0000000074D20000-0x00000000754D0000-memory.dmp

Filesize
7.7MB

Download
memory/2680-7-0x0000000008EE0000-0x0000000008EEE000-memory.dmp

Filesize
56KB

Download
memory/2680-6-0x0000000008F00000-0x0000000008F38000-memory.dmp

Filesize
224KB

Download
memory/2680-9-0x0000000074D20000-0x00000000754D0000-memory.dmp

Filesize
7.7MB

Download