f0e54e25187d8235b4d80df112987cef8f2e4a9563488815f0d608891068d341

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 20:39

Target

2024-05-28_99f735ff6b2802bc58e6972856b4213a_mafia.exe
Size

417KB
MD5

99f735ff6b2802bc58e6972856b4213a
SHA1

9d976a313a9d76f1bc43f360f57062f37cf4be28
SHA256

f0e54e25187d8235b4d80df112987cef8f2e4a9563488815f0d608891068d341
SHA512

fe7546a6cde8eb18b703622d4fb9d6c1b4642657523c394889d47ed3c30a55f4f9fed79fa7df789b1e8d95f50bf689f150f2455c30f13ec5c6092073517c9cf6
SSDEEP

12288:cfxfx67SSpeLlhoo909AgSap0jvFQGT3UcoP:cL0SSpeLlio9099rp0hT3UpP

Score

1^/10

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeSecurityPrivilege	216	2024-05-28_99f735ff6b2802bc58e6972856b4213a_mafia.exe
Token: SeTakeOwnershipPrivilege	216	2024-05-28_99f735ff6b2802bc58e6972856b4213a_mafia.exe
Token: SeDebugPrivilege	216	2024-05-28_99f735ff6b2802bc58e6972856b4213a_mafia.exe

C:\Users\Admin\AppData\Local\Temp\2024-05-28_99f735ff6b2802bc58e6972856b4213a_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-28_99f735ff6b2802bc58e6972856b4213a_mafia.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:216