79a68cdabfed0db4f35af981d8d44889d3124100bffcb1a7fb6473da67804394

Analysis

max time kernel
114s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2024 21:46

Target

bomb.exe
Size

12KB
MD5

55dba6e7aa4e8cc73415f4e3f9f6bdae
SHA1

87c9f29d58f57a5e025061d389be2655ee879d5d
SHA256

3cea805f1396df15bdbcd4317388a046a41a6079dba04576a58ba7b2c812338a
SHA512

f2eb91e812b2ba58c4309fd44edadc8977367c7d9d6214d7e70a0392ae8427d570746ae57cca68dc260901f664f2e8c6c5387118ff01d243abeb5680abe2a352
SSDEEP

192:vnpYaU28zxHdo4ZMgQl9q+4ua7HhdSbwxz1ULU87glpK/b26J4Uf1XXr5:vWZdoWMR96uaLhM6ULU870gJR

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

bomb.exe

description pid process

Token: SeDebugPrivilege 5044 bomb.exe

description	pid	process
Token: SeDebugPrivilege	5044	bomb.exe

C:\Users\Admin\AppData\Local\Temp\bomb.exe
"C:\Users\Admin\AppData\Local\Temp\bomb.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=3240,i,16488180140590516186,11762960689811837350,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:8
1⤵
PID:5012

memory/5044-0-0x00007FFC83723000-0x00007FFC83725000-memory.dmp

Filesize
8KB

Download
memory/5044-1-0x000001DCB75F0000-0x000001DCB75FA000-memory.dmp

Filesize
40KB

Download
memory/5044-2-0x00007FFC83720000-0x00007FFC841E1000-memory.dmp

Filesize
10.8MB

Download
memory/5044-3-0x00007FFC83723000-0x00007FFC83725000-memory.dmp

Filesize
8KB

Download
memory/5044-5-0x00007FFC83720000-0x00007FFC841E1000-memory.dmp

Filesize
10.8MB

Download