9608129701213f7565040f385e8c263d0daaa01ce31dcc7f95a7584c7bf4ad44

Analysis

max time kernel
93s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240730-en
resource tags

arch:x64arch:x86image:win10v2004-20240730-enlocale:en-usos:windows10-2004-x64system
submitted
31-07-2024 10:53

Target

c0592acd4714d89c4f9e10ef0b2a9b4a7f0a445f24fb5212781fd47ca7d34dd2.exe
Size

339KB
MD5

2ddfb16e5ef63907a7c210ace44fb975
SHA1

b73a8d82db903d029fbc4e679e5aac06058f88e2
SHA256

c0592acd4714d89c4f9e10ef0b2a9b4a7f0a445f24fb5212781fd47ca7d34dd2
SHA512

f12c43731682129626dcb8e1e2e2dbe05174207ecd1c507839f00bea21d88fbc128989e10c337776cb3527aca6687a78274a02f7581d5b6692f25e73212074f0
SSDEEP

6144:hWG/GM9boN2yLkfhQ2ycl7T4WqClgUJYe1S33JFgqyIef2yhE:/N9kN2y52ycBTHgzR5FgtIC2yhE

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

c0592acd4714d89c4f9e10ef0b2a9b4a7f0a445f24fb5212781fd47ca7d34dd2.exe

description pid process

Token: SeDebugPrivilege 2928 c0592acd4714d89c4f9e10ef0b2a9b4a7f0a445f24fb5212781fd47ca7d34dd2.exe

description	pid	process
Token: SeDebugPrivilege	2928	c0592acd4714d89c4f9e10ef0b2a9b4a7f0a445f24fb5212781fd47ca7d34dd2.exe

C:\Users\Admin\AppData\Local\Temp\c0592acd4714d89c4f9e10ef0b2a9b4a7f0a445f24fb5212781fd47ca7d34dd2.exe
"C:\Users\Admin\AppData\Local\Temp\c0592acd4714d89c4f9e10ef0b2a9b4a7f0a445f24fb5212781fd47ca7d34dd2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2928

memory/2928-0-0x00000143A09C0000-0x00000143A0A18000-memory.dmp

Filesize
352KB

Download
memory/2928-1-0x00007FFAF2603000-0x00007FFAF2605000-memory.dmp

Filesize
8KB

Download
memory/2928-2-0x00007FFAF2600000-0x00007FFAF30C1000-memory.dmp

Filesize
10.8MB

Download
memory/2928-3-0x00007FFAF2600000-0x00007FFAF30C1000-memory.dmp

Filesize
10.8MB

Download