49e0b3dd4c0b710ad0574352db2b2c46610bec86a02d9abc3f981d583f3acadf

Resubmissions

02-06-2024 09:49

02-06-2024 09:48

max time kernel
148s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
02-06-2024 09:49

Target

processlasso_portable_64/ProcessGovernor.exe
Size

936KB
MD5

188915b086edb404602bf83faba84080
SHA1

4cd4ddc39ca6571a2ccf4cb7b4f72fd62fe35478
SHA256

9e200c3af08903108b0f415d1670ef359512727e9163b0541f76a351954afe65
SHA512

99e98fda82cdba398320845807aeceec0a1b7c43a666c1c75743c83a2b2e4f75d9bcf991e0c4af0888e9fe9bf2ce5ab646c852817b13eeebec1960de10ea9652
SSDEEP

6144:PimshA8pyCod0+nsoj1+aRlkREib9yegspqvxLXoZX4RiDaYQ7Vbi/31U4Zssl8r:J48s+55+awb9yeGvtXEu/biD848fN

Score

1^/10

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

ProcessGovernor.exe

description	pid	process
Token: SeAssignPrimaryTokenPrivilege	2972	ProcessGovernor.exe
Token: SeDebugPrivilege	2972	ProcessGovernor.exe
Token: SeChangeNotifyPrivilege	2972	ProcessGovernor.exe
Token: SeIncBasePriorityPrivilege	2972	ProcessGovernor.exe
Token: SeIncreaseQuotaPrivilege	2972	ProcessGovernor.exe
Token: SeProfSingleProcessPrivilege	2972	ProcessGovernor.exe
Token: SeCreateGlobalPrivilege	2972	ProcessGovernor.exe
Token: SeBackupPrivilege	2972	ProcessGovernor.exe
Token: SeRestorePrivilege	2972	ProcessGovernor.exe

C:\Users\Admin\AppData\Local\Temp\processlasso_portable_64\ProcessGovernor.exe
"C:\Users\Admin\AppData\Local\Temp\processlasso_portable_64\ProcessGovernor.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2972