bacedbb23254934b736a9daf6de52620c9250a49686d519ceaf0a8d25da0a97f | Triage

Analysis

max time kernel
137s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-en-20220113
submitted
22-02-2022 02:19

Sharing

Report Analysis Logs

General

Target

bacedbb23254934b736a9daf6de52620c9250a49686d519ceaf0a8d25da0a97f.exe
Size

2.9MB
MD5

87f9dd02e0c6346e6d1ca3957a83709a
SHA1

1d6e2aeed499eb7d317b92b42d4a784b22d02dc6
SHA256

bacedbb23254934b736a9daf6de52620c9250a49686d519ceaf0a8d25da0a97f
SHA512

0ceeab7b4481b1327f9b41a5606e3b7c4d36ad454d8b7063e3a4f00e63186306f63d3bb1fc05db038c7a8a7baec28d750752e8cc86c971b78e541bb2713aaec7

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\WindowsUpdate.log	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\DataStore.edb	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\DataStore\DataStore.jfm	svchost.exe
File opened for modification	C:\Windows\SoftwareDistribution\ReportingEvents.log	svchost.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4008	svchost.exe
Token: SeCreatePagefilePrivilege	4008	svchost.exe
Token: SeShutdownPrivilege	4008	svchost.exe
Token: SeCreatePagefilePrivilege	4008	svchost.exe
Token: SeShutdownPrivilege	4008	svchost.exe
Token: SeCreatePagefilePrivilege	4008	svchost.exe

C:\Users\Admin\AppData\Local\Temp\bacedbb23254934b736a9daf6de52620c9250a49686d519ceaf0a8d25da0a97f.exe
"C:\Users\Admin\AppData\Local\Temp\bacedbb23254934b736a9daf6de52620c9250a49686d519ceaf0a8d25da0a97f.exe"
1⤵
PID:3544

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:4008

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4008-133-0x000002ACEF330000-0x000002ACEF340000-memory.dmp

Filesize
64KB

Download
memory/4008-134-0x000002ACEF390000-0x000002ACEF3A0000-memory.dmp

Filesize
64KB

Download
memory/4008-135-0x000002ACF20B0000-0x000002ACF20B4000-memory.dmp

Filesize
16KB

Download