da9761f3f188bfa2208ad076f3f0760e16489add3554cf8e8a9e0a05f09adeb4

Analysis

max time kernel
284s
max time network
294s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
24-01-2025 00:45

Target

PO690654W226614626001MLCWHKGH10051950.pdf.exe
Size

407KB
MD5

11707e7d4128ffd80fedf1b8e1ced024
SHA1

b012614b4a5ca83156dda6b06951654650d99738
SHA256

cbeab2846912cb969bf80b60693090f0ce20b288f138e70c3d5f7fc1f981b107
SHA512

0c2e7bd02a7ccf53dcfed6067be2a810a239812b0c91cbca2da8d9d33898122c18e8e48e3fe23e007ca394ee2f158c2e68d9c234201c92b97977c2574e68b8e6
SSDEEP

6144:tkQa+PH+Tp7WmgLhjIpPMrfkZTEOIMqbUn9k1ASrznh8bvBO:tLa+eWYkfkZgOIMcU9k1ASr9U0

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2512	PO690654W226614626001MLCWHKGH10051950.pdf.exe

C:\Users\Admin\AppData\Local\Temp\PO690654W226614626001MLCWHKGH10051950.pdf.exe
"C:\Users\Admin\AppData\Local\Temp\PO690654W226614626001MLCWHKGH10051950.pdf.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2512

memory/2512-0-0x000007FEF5E53000-0x000007FEF5E54000-memory.dmp

Filesize
4KB

Download
memory/2512-1-0x00000000011A0000-0x000000000120A000-memory.dmp

Filesize
424KB

Download
memory/2512-2-0x000007FEF5E50000-0x000007FEF683C000-memory.dmp

Filesize
9.9MB

Download
memory/2512-3-0x000007FEF5E53000-0x000007FEF5E54000-memory.dmp

Filesize
4KB

Download
memory/2512-4-0x000007FEF5E50000-0x000007FEF683C000-memory.dmp

Filesize
9.9MB

Download