fd20c43c250724b2fa1ce40b7edc6e8616f6a63573da5b04fd87a307b02333c8

Analysis

max time kernel
149s
max time network
155s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
11-05-2024 02:03

Target

fd20c43c250724b2fa1ce40b7edc6e8616f6a63573da5b04fd87a307b02333c8.exe
Size

73KB
MD5

bad18478169b1e5d1a4e9f55a105bc94
SHA1

acd5a2f2a4d386b35d68be8c0aa6f19bbe01b8f4
SHA256

fd20c43c250724b2fa1ce40b7edc6e8616f6a63573da5b04fd87a307b02333c8
SHA512

66d24b16442b61666c0d57464d1ecbd70089094a24a91a75c11f95a79b23440012e6ec74aed32f27b9b63494b0d513b82d11fd9d234be28a6f986b8bf3aa41a0
SSDEEP

1536:KcHADLysy+7f1CEqJ+VLTeNhmZpfmd/PqiDf075Eeii:5ADmsy49xLTw+8qM25r/

Score

9^/10

Detects executables packed with SmartAssembly 1 IoCs

resource	yara_rule
behavioral1/memory/2208-1-0x0000000000940000-0x0000000000952000-memory.dmp	INDICATOR_EXE_Packed_SmartAssembly

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2208	fd20c43c250724b2fa1ce40b7edc6e8616f6a63573da5b04fd87a307b02333c8.exe

C:\Users\Admin\AppData\Local\Temp\fd20c43c250724b2fa1ce40b7edc6e8616f6a63573da5b04fd87a307b02333c8.exe
"C:\Users\Admin\AppData\Local\Temp\fd20c43c250724b2fa1ce40b7edc6e8616f6a63573da5b04fd87a307b02333c8.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2208

memory/2208-0-0x00000000744BE000-0x00000000744BF000-memory.dmp

Filesize
4KB

Download
memory/2208-1-0x0000000000940000-0x0000000000952000-memory.dmp

Filesize
72KB

Download
memory/2208-3-0x00000000744B0000-0x0000000074B9E000-memory.dmp

Filesize
6.9MB

Download
memory/2208-2-0x00000000003E0000-0x00000000003E6000-memory.dmp

Filesize
24KB

Download
memory/2208-4-0x00000000744BE000-0x00000000744BF000-memory.dmp

Filesize
4KB

Download
memory/2208-5-0x00000000744B0000-0x0000000074B9E000-memory.dmp

Filesize
6.9MB

Download