354bc1508f089c732e5f2695d49308adfd3f27634d336aa0bb5a8778a8aeabe0

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
16/08/2024, 22:08

Target

b121aa5bf58a04a413c7930ce6c07430N.exe
Size

3.9MB
MD5

b121aa5bf58a04a413c7930ce6c07430
SHA1

bd70a02a195d1cae52638cf0c9d4a8017a2ca392
SHA256

354bc1508f089c732e5f2695d49308adfd3f27634d336aa0bb5a8778a8aeabe0
SHA512

f08e015ac41d78eaa1507c646ab72afe2ac94e47c8c194336681375d8dbbf57ebfcaa87d4cf73cd0b26c1bfd6ada6f6564aa5ef4e2284f81b409d74624417608
SSDEEP

49152:qadpFUx1nkQoqvUbvgXELEnAR0gXV/XB+7nZE1GhnuFnNeNMWo0CWgiV5omI05IM:BFUxeecao3yudFnNEDHIeK+pFtFR

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3048	b121aa5bf58a04a413c7930ce6c07430N.exe

C:\Users\Admin\AppData\Local\Temp\b121aa5bf58a04a413c7930ce6c07430N.exe
"C:\Users\Admin\AppData\Local\Temp\b121aa5bf58a04a413c7930ce6c07430N.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3048

memory/3048-0-0x0000000100000000-0x00000001003EE000-memory.dmp

Filesize
3.9MB

Download
memory/3048-1-0x0000000000290000-0x00000000002F0000-memory.dmp

Filesize
384KB

Download
memory/3048-7-0x0000000000290000-0x00000000002F0000-memory.dmp

Filesize
384KB

Download
memory/3048-8-0x0000000000290000-0x00000000002F0000-memory.dmp

Filesize
384KB

Download
memory/3048-11-0x0000000100313000-0x000000010031D000-memory.dmp

Filesize
40KB

Download
memory/3048-12-0x0000000000290000-0x00000000002F0000-memory.dmp

Filesize
384KB

Download
memory/3048-14-0x0000000100000000-0x00000001003EE000-memory.dmp

Filesize
3.9MB

Download