25e74b9f7afc727e8225a17bfd729bc88f99bdfa38330cb85e6dfa6517314be0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
22-12-2024 00:58

Target

57187DE60D0B85844C3BF0F6CB49859CC0AB57B650052DE9C0DCAFF769F2DF27.exe
Size

1.7MB
MD5

20d0be500585c73ccd1255afafc94bf1
SHA1

4a639578767f9ec5cd9920975d22f2db11234c78
SHA256

57187de60d0b85844c3bf0f6cb49859cc0ab57b650052de9c0dcaff769f2df27
SHA512

5727d9d682528247954ff6edfe82c63fda1f7b41044c916b79bc0bb4fcd6ea38fc43906758085cbcc5b3ca75ee039aeb047e800234f33c4e27e0ec5bb8fc8bcc
SSDEEP

49152:r07rbz9xgwOYH8PbnZVW379NLa70hhIFj:r0SYcPNVWXLrY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeLockMemoryPrivilege	3888	57187DE60D0B85844C3BF0F6CB49859CC0AB57B650052DE9C0DCAFF769F2DF27.exe
Token: SeLockMemoryPrivilege	3888	57187DE60D0B85844C3BF0F6CB49859CC0AB57B650052DE9C0DCAFF769F2DF27.exe

C:\Users\Admin\AppData\Local\Temp\57187DE60D0B85844C3BF0F6CB49859CC0AB57B650052DE9C0DCAFF769F2DF27.exe
"C:\Users\Admin\AppData\Local\Temp\57187DE60D0B85844C3BF0F6CB49859CC0AB57B650052DE9C0DCAFF769F2DF27.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3888

memory/3888-0-0x0000020EC6DC0000-0x0000020EC6DD4000-memory.dmp

Filesize
80KB

Download