33bca0b7c35d92fe1dec4638d803349ca76a0f4b2a647efa49697edb77d2ae95

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
25-12-2024 13:36

Target

7zSCD97F9B7/61cf42d8cfbf4_Fri175590209.exe
Size

178KB
MD5

f8c7d533e566557eb19e6a89f910ab6b
SHA1

a225ef1c22fcd29562bd5f8a2d0da3969a5393cb
SHA256

697949b98fd6207152522f27bcfea3716c336a8cab81751738eda59fd6067dee
SHA512

a450548c41c45955206459d58f712284b4589bad7a93d9a6c98c5cd0f1f48cb66ee56cc2568e5dfd1fd174fdc6fa4bd249f5b1c9521dc018ec5b90718d0c97b1
SSDEEP

3072:+aU3o2140NKteqz0d6EPMGz9tEsyyyyyhxxxxi+ElqRKbCG:vU3LTNgeqk6EP/pIxxxxj

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2816	61cf42d8cfbf4_Fri175590209.exe

C:\Users\Admin\AppData\Local\Temp\7zSCD97F9B7\61cf42d8cfbf4_Fri175590209.exe
"C:\Users\Admin\AppData\Local\Temp\7zSCD97F9B7\61cf42d8cfbf4_Fri175590209.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2816

memory/2816-0-0x000007FEF5003000-0x000007FEF5004000-memory.dmp

Filesize
4KB

Download
memory/2816-1-0x0000000000E40000-0x0000000000E76000-memory.dmp

Filesize
216KB

Download
memory/2816-2-0x0000000000350000-0x0000000000356000-memory.dmp

Filesize
24KB

Download
memory/2816-3-0x000007FEF5000000-0x000007FEF59EC000-memory.dmp

Filesize
9.9MB

Download
memory/2816-4-0x000007FEF5003000-0x000007FEF5004000-memory.dmp

Filesize
4KB

Download
memory/2816-5-0x000007FEF5000000-0x000007FEF59EC000-memory.dmp

Filesize
9.9MB

Download