49e0b3dd4c0b710ad0574352db2b2c46610bec86a02d9abc3f981d583f3acadf

Resubmissions

02-06-2024 09:49

02-06-2024 09:48

max time kernel
146s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
02-06-2024 09:49

Target

processlasso_portable_64/srvstub.exe
Size

119KB
MD5

8dc6504645c80d7cf3e2eb97c0b4d586
SHA1

fbf75a0918c54a2792ab6a3b865ada815f17e4a0
SHA256

77643eac202d718a1d210ee0f90af0a80348e9b3ee4624eaeb15f1641ea8ae4a
SHA512

be87ed1baf7e65c45df7dd9fbb7163be71f9856d58842edb82cac6ab565c79eff97395034802889cb00a37050ebc01e5a7b9000f4d96b5078f10aed5c50449a9
SSDEEP

3072:HI4RgdhYlbL9gWA5D7ZygsAk6yXUqiDfHyXicFs06hVAB:HI4RuhYlbLDA5DQEk6yXURncREa

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

srvstub.exe

description pid process

Token: SeAssignPrimaryTokenPrivilege 3228 srvstub.exe
Token: SeCreateGlobalPrivilege 3228 srvstub.exe

description	pid	process
Token: SeAssignPrimaryTokenPrivilege	3228	srvstub.exe
Token: SeCreateGlobalPrivilege	3228	srvstub.exe

C:\Users\Admin\AppData\Local\Temp\processlasso_portable_64\srvstub.exe
"C:\Users\Admin\AppData\Local\Temp\processlasso_portable_64\srvstub.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3228