24361e74f0d87c9500ee163eeade770df3a0db6530612bdd4cd9ee891bb7b7ed

Analysis

max time kernel
149s
max time network
162s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
23-07-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MicrosoftSecurityApp/xpdAgent.exe
Size

855KB
MD5

54fec1cb73d5e17d02e69b098e7ef425
SHA1

e22a425af66461d941d690638291f0aa64f17fec
SHA256

70bfe6fe4adcfbae72be0190f72f3d2d1a2f3afbc57ef64d0ffd5bf9b98acfb9
SHA512

2be12478c764869a661972523cfbe1bcec55186f625c8697724d918ca5928e0d697d8143f44a686aeeca649fd895acae87248ea8b23994a9dbfe93c27968ab47
SSDEEP

12288:D0u3nYUtqCmbK0SCkn8Q+qPFU1k8QRiAfXnP:fY9K0SCkbtfiAP

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	5088	xpdAgent.exe

C:\Users\Admin\AppData\Local\Temp\MicrosoftSecurityApp\xpdAgent.exe
"C:\Users\Admin\AppData\Local\Temp\MicrosoftSecurityApp\xpdAgent.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5088

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5088-0-0x00007FF94EF03000-0x00007FF94EF05000-memory.dmp

Filesize
8KB

Download
memory/5088-1-0x0000023E32C70000-0x0000023E32D48000-memory.dmp

Filesize
864KB

Download
memory/5088-2-0x0000023E34A70000-0x0000023E34A8E000-memory.dmp

Filesize
120KB

Download
memory/5088-6-0x0000023E4DFD0000-0x0000023E4DFDE000-memory.dmp

Filesize
56KB

Download
memory/5088-7-0x0000023E4E000000-0x0000023E4E00A000-memory.dmp

Filesize
40KB

Download
memory/5088-5-0x0000023E4DFF0000-0x0000023E4E004000-memory.dmp

Filesize
80KB

Download
memory/5088-4-0x0000023E34C70000-0x0000023E34C7A000-memory.dmp

Filesize
40KB

Download
memory/5088-3-0x0000023E33330000-0x0000023E3333C000-memory.dmp

Filesize
48KB

Download
memory/5088-8-0x0000023E4E010000-0x0000023E4E04E000-memory.dmp

Filesize
248KB

Download
memory/5088-9-0x0000023E4DFF0000-0x0000023E4DFF8000-memory.dmp

Filesize
32KB

Download
memory/5088-10-0x0000023E4E050000-0x0000023E4E058000-memory.dmp

Filesize
32KB

Download
memory/5088-12-0x0000023E4E090000-0x0000023E4E098000-memory.dmp

Filesize
32KB

Download
memory/5088-11-0x0000023E4E070000-0x0000023E4E078000-memory.dmp

Filesize
32KB

Download
memory/5088-13-0x0000023E4E200000-0x0000023E4E208000-memory.dmp

Filesize
32KB

Download
memory/5088-15-0x0000023E4E080000-0x0000023E4E088000-memory.dmp

Filesize
32KB

Download
memory/5088-16-0x0000023E4E220000-0x0000023E4E228000-memory.dmp

Filesize
32KB

Download
memory/5088-14-0x0000023E4E210000-0x0000023E4E21C000-memory.dmp

Filesize
48KB

Download
memory/5088-17-0x0000023E4E230000-0x0000023E4E238000-memory.dmp

Filesize
32KB

Download
memory/5088-18-0x0000023E4E240000-0x0000023E4E248000-memory.dmp

Filesize
32KB

Download
memory/5088-19-0x0000023E4E210000-0x0000023E4E218000-memory.dmp

Filesize
32KB

Download
memory/5088-20-0x00007FF94EF00000-0x00007FF94F9C2000-memory.dmp

Filesize
10.8MB

Download
memory/5088-21-0x0000023E4E250000-0x0000023E4E258000-memory.dmp

Filesize
32KB

Download
memory/5088-22-0x0000023E4E280000-0x0000023E4E292000-memory.dmp

Filesize
72KB

Download
memory/5088-23-0x0000023E4E2D0000-0x0000023E4E2D8000-memory.dmp

Filesize
32KB

Download
memory/5088-24-0x0000023E4E2E0000-0x0000023E4E2E8000-memory.dmp

Filesize
32KB

Download
memory/5088-26-0x0000023E34AA0000-0x0000023E34BEF000-memory.dmp

Filesize
1.3MB

Download
memory/5088-27-0x00007FF94EF00000-0x00007FF94F9C2000-memory.dmp

Filesize
10.8MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads