d517bb097a48962d7169822211b77fa98577aeb6eb766a89e4f299b2ac4739ea

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18/10/2024, 02:50

Target

d517bb097a48962d7169822211b77fa98577aeb6eb766a89e4f299b2ac4739ea.exe
Size

62KB
MD5

d949e8ecf433be93a313cd022e56eb2e
SHA1

b6f3b62e1be164757943139fb24607407dabaefc
SHA256

d517bb097a48962d7169822211b77fa98577aeb6eb766a89e4f299b2ac4739ea
SHA512

2d65167ca453a039e4a7c9b2253b343d053358326f661c2e58ce16a2f46407b0772966df8f74325e799a7c2a44d9d893635d69f6bd4402509cd94f3ee68abe0c
SSDEEP

1536:lq0ibCPRdKP8HfEA/1xTaijwu1HtD8E6d:ribWdKecRijwuUE6d

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	64	d517bb097a48962d7169822211b77fa98577aeb6eb766a89e4f299b2ac4739ea.exe

C:\Users\Admin\AppData\Local\Temp\d517bb097a48962d7169822211b77fa98577aeb6eb766a89e4f299b2ac4739ea.exe
"C:\Users\Admin\AppData\Local\Temp\d517bb097a48962d7169822211b77fa98577aeb6eb766a89e4f299b2ac4739ea.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:64

memory/64-0-0x00007FF868443000-0x00007FF868445000-memory.dmp

Filesize
8KB

Download
memory/64-1-0x000001CC32B20000-0x000001CC32B34000-memory.dmp

Filesize
80KB

Download
memory/64-2-0x00007FF868440000-0x00007FF868F01000-memory.dmp

Filesize
10.8MB

Download
memory/64-3-0x00007FF868443000-0x00007FF868445000-memory.dmp

Filesize
8KB

Download
memory/64-4-0x00007FF868440000-0x00007FF868F01000-memory.dmp

Filesize
10.8MB

Download