ae0d9681cc81177d2fa976060a38ad7cc819b363da0192bca2620f6f285c47cc

Analysis

max time kernel
148s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
02-06-2024 09:57

Target

ProcessGovernor.exe
Size

936KB
MD5

188915b086edb404602bf83faba84080
SHA1

4cd4ddc39ca6571a2ccf4cb7b4f72fd62fe35478
SHA256

9e200c3af08903108b0f415d1670ef359512727e9163b0541f76a351954afe65
SHA512

99e98fda82cdba398320845807aeceec0a1b7c43a666c1c75743c83a2b2e4f75d9bcf991e0c4af0888e9fe9bf2ce5ab646c852817b13eeebec1960de10ea9652
SSDEEP

6144:PimshA8pyCod0+nsoj1+aRlkREib9yegspqvxLXoZX4RiDaYQ7Vbi/31U4Zssl8r:J48s+55+awb9yeGvtXEu/biD848fN

Score

1^/10

Suspicious use of AdjustPrivilegeToken 9 IoCs

Processes:

ProcessGovernor.exe

description	pid	process
Token: SeAssignPrimaryTokenPrivilege	4868	ProcessGovernor.exe
Token: SeDebugPrivilege	4868	ProcessGovernor.exe
Token: SeChangeNotifyPrivilege	4868	ProcessGovernor.exe
Token: SeIncBasePriorityPrivilege	4868	ProcessGovernor.exe
Token: SeIncreaseQuotaPrivilege	4868	ProcessGovernor.exe
Token: SeProfSingleProcessPrivilege	4868	ProcessGovernor.exe
Token: SeCreateGlobalPrivilege	4868	ProcessGovernor.exe
Token: SeBackupPrivilege	4868	ProcessGovernor.exe
Token: SeRestorePrivilege	4868	ProcessGovernor.exe

C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe
"C:\Users\Admin\AppData\Local\Temp\ProcessGovernor.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4868