60ff4592a4cc5540f294bbdb0fc2018b9b1c08698bb4da0fb642f518fc7f6f10

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 08:45

Target

2024-05-25_a0af9c604370c798db569c49766c94a2_poet-rat_snatch_zxxz.exe
Size

25.4MB
MD5

a0af9c604370c798db569c49766c94a2
SHA1

86f69a1cc8774b9c2a93ee6599bad1e32e47a7de
SHA256

60ff4592a4cc5540f294bbdb0fc2018b9b1c08698bb4da0fb642f518fc7f6f10
SHA512

5a2be7938e9f75a7a803ae0833a0a7744a51a09dc5f8272108379089002887c72d79c14ecd8da016594b915fa31bc09cf4f5a8dd6c24777e49ad20efc118d4cc
SSDEEP

196608:6QVTG9KHuCuS98/35Y58Uaokltvgw8ChtZ:6QVa9KOCF8/e8ltvgit

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1528	2024-05-25_a0af9c604370c798db569c49766c94a2_poet-rat_snatch_zxxz.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-25_a0af9c604370c798db569c49766c94a2_poet-rat_snatch_zxxz.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-25_a0af9c604370c798db569c49766c94a2_poet-rat_snatch_zxxz.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1528