84bebbe2cc14519a656dd6ee54e892191872f7122ebf53ef6b2349a5218c11e1

Resubmissions

18-07-2024 07:25

18-07-2024 07:19

17-07-2024 20:55

17-07-2024 19:21

max time kernel
1563s
max time network
1565s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
17-07-2024 19:21

Target

KeepCalm.exe
Size

218KB
MD5

f994759181fb964af17fab2f7994b9ca
SHA1

9ae72a3dc37955af7526fd8566698b7a97ed7cb0
SHA256

043969e70014662e6a8b90eaaec10f4b4064dc42c0aeba39639af82f11cbab7e
SHA512

c36ff4026879e6cbab1e95e8a8a9cc6dc8538de9fa5719625ddf5a9d578dda310325cbf1e44a2dddbc85f27521e7e736637bb102e1d230f861ecb8f2e0219188
SSDEEP

3072:Y9mM+lmsolAIrRuw+mqv9j1MWLQFidJM+lmsolAIrRuw+mqv9j1MWLQd:EF+lDAAJdi+lDAA

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

KeepCalm.exe

description pid process

Token: SeDebugPrivilege 2628 KeepCalm.exe

description	pid	process
Token: SeDebugPrivilege	2628	KeepCalm.exe

C:\Users\Admin\AppData\Local\Temp\KeepCalm.exe
"C:\Users\Admin\AppData\Local\Temp\KeepCalm.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2628

memory/2628-0-0x000007FEF57B3000-0x000007FEF57B4000-memory.dmp

Filesize
4KB

Download
memory/2628-1-0x0000000000F50000-0x0000000000F8E000-memory.dmp

Filesize
248KB

Download
memory/2628-2-0x000007FEF57B0000-0x000007FEF619C000-memory.dmp

Filesize
9.9MB

Download
memory/2628-3-0x000007FEF57B0000-0x000007FEF619C000-memory.dmp

Filesize
9.9MB

Download
memory/2628-4-0x000007FEF57B3000-0x000007FEF57B4000-memory.dmp

Filesize
4KB

Download