a68b69a59eaf40e32ead156cf7692af873e05343dd7d1f637146d0bea703931e

Resubmissions

06/07/2024, 12:13

06/07/2024, 12:09

06/07/2024, 09:56

max time kernel
28s
max time network
30s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 12:13

Target

RCCService.exe
Size

5.2MB
MD5

80d98f8a695a302c7b803fb649fc5013
SHA1

32cb9b34476c808af663ceab3193d868ba34ec20
SHA256

a68b69a59eaf40e32ead156cf7692af873e05343dd7d1f637146d0bea703931e
SHA512

30e4f74bcae247595c369efefa7ee979f43413e1b6f3828d8d207166f4c60108becd6775d81af44c9a697ebc5a8d44829e1b7930d4e8b3f8731d19f46dd1c496
SSDEEP

98304:bQ9rjjcAka3x9vgdHHSmnFFSaxhsHHF/81eNApeap+/SX/b1/GmOPL:0aAz3x9OjnFFSaxgHedtp+6xQPL

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4424	RCCService.exe

C:\Users\Admin\AppData\Local\Temp\RCCService.exe
"C:\Users\Admin\AppData\Local\Temp\RCCService.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4424

memory/4424-1-0x000001A88C850000-0x000001A88CD90000-memory.dmp

Filesize
5.2MB

Download
memory/4424-0-0x00007FF94E733000-0x00007FF94E735000-memory.dmp

Filesize
8KB

Download
memory/4424-2-0x000001A8A7310000-0x000001A8A74D2000-memory.dmp

Filesize
1.8MB

Download
memory/4424-3-0x00007FF94E730000-0x00007FF94F1F1000-memory.dmp

Filesize
10.8MB

Download
memory/4424-4-0x000001A8A7B10000-0x000001A8A8038000-memory.dmp

Filesize
5.2MB

Download
memory/4424-5-0x00007FF94E730000-0x00007FF94F1F1000-memory.dmp

Filesize
10.8MB

Download