f2edcebf467190ac27ddc27c710f50655726a78d0077afb9b7dc13308a0a71cb

Analysis

max time kernel
95s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
13/09/2024, 03:35

Target

f2edcebf467190ac27ddc27c710f50655726a78d0077afb9b7dc13308a0a71cb.exe
Size

1.1MB
MD5

aaafc319dcc6a7f2606c2dd807f8ab1b
SHA1

1d3c4baaf267e707daa16126fdfc581e958920d4
SHA256

f2edcebf467190ac27ddc27c710f50655726a78d0077afb9b7dc13308a0a71cb
SHA512

4af45be6312054f23a47e2a216780a1d4237528c3931f6243443b2b2b7e94fbc378281e5de19603647ebddf5214e288ac4f76656460523d68c6c42eb83c80bc5
SSDEEP

24576:46m4ssUixEq2Eb5532/XUvLzkw3mmepgbuo+5TsuuC2:46m4Y2Eqzmmepgbuo+2

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	3892	f2edcebf467190ac27ddc27c710f50655726a78d0077afb9b7dc13308a0a71cb.exe

C:\Users\Admin\AppData\Local\Temp\f2edcebf467190ac27ddc27c710f50655726a78d0077afb9b7dc13308a0a71cb.exe
"C:\Users\Admin\AppData\Local\Temp\f2edcebf467190ac27ddc27c710f50655726a78d0077afb9b7dc13308a0a71cb.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3892

memory/3892-0-0x00007FF805953000-0x00007FF805955000-memory.dmp

Filesize
8KB

Download
memory/3892-1-0x0000000000D60000-0x0000000000E70000-memory.dmp

Filesize
1.1MB

Download
memory/3892-2-0x00007FF805950000-0x00007FF806411000-memory.dmp

Filesize
10.8MB

Download
memory/3892-3-0x00007FF805950000-0x00007FF806411000-memory.dmp

Filesize
10.8MB

Download
memory/3892-4-0x00007FF805950000-0x00007FF806411000-memory.dmp

Filesize
10.8MB

Download
memory/3892-5-0x00007FF805953000-0x00007FF805955000-memory.dmp

Filesize
8KB

Download
memory/3892-6-0x00007FF805950000-0x00007FF806411000-memory.dmp

Filesize
10.8MB

Download