366e8a7d29166fac29b6e245abb3d481bfcc0682834b41fea7938a8e40f21c2c

Analysis

max time kernel
141s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-06-2024 19:26

Target

ödeme makbuzu için faturanın ek kısmını görüntüle.exe
Size

3.0MB
MD5

b4a1f1d95684515d346c8d9e713d2c24
SHA1

5d27d6d64222c92c8743683300bc998941016d89
SHA256

366e8a7d29166fac29b6e245abb3d481bfcc0682834b41fea7938a8e40f21c2c
SHA512

697e00721f653403dba8ab6dd816a05a605117561de976e4db80adb2fd560382c4d9b33762088d3389427e217dfed768ea96e0cd5bfd11b9727992c980477691
SSDEEP

12288:jAysNq/fHGz+mUCi3QTn9C13lx29KmnPESWYXpn9h5jMjq63v6Tjq:YKQhTnI13D2IOcSWqp9h5jMj33Cjq

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4968	ödeme makbuzu için faturanın ek kısmını görüntüle.exe

C:\Users\Admin\AppData\Local\Temp\ödeme makbuzu için faturanın ek kısmını görüntüle.exe
"C:\Users\Admin\AppData\Local\Temp\ödeme makbuzu için faturanın ek kısmını görüntüle.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4968

memory/4968-0-0x00007FFE7B8E3000-0x00007FFE7B8E5000-memory.dmp

Filesize
8KB

Download
memory/4968-1-0x00000280EBB10000-0x00000280EBB22000-memory.dmp

Filesize
72KB

Download
memory/4968-2-0x00007FFE7B8E0000-0x00007FFE7C3A1000-memory.dmp

Filesize
10.8MB

Download
memory/4968-3-0x00000280EF3F0000-0x00000280EF482000-memory.dmp

Filesize
584KB

Download
memory/4968-4-0x00000280EE290000-0x00000280EE439000-memory.dmp

Filesize
1.7MB

Download
memory/4968-6-0x00007FFE7B8E3000-0x00007FFE7B8E5000-memory.dmp

Filesize
8KB

Download
memory/4968-7-0x00007FFE7B8E0000-0x00007FFE7C3A1000-memory.dmp

Filesize
10.8MB

Download