48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73

General

Target

48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73.exe
Size

512KB
MD5

ffb297b8939840edc1e6f08e72190b4d
SHA1

61913bb94988dbbc39639cefa19f008ab83dea88
SHA256

48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73
SHA512

32a2f2a4c3c64e436e342993004bbfd604e96dff5a306e648db73762471ac2bd4a0b928eecd2649852916f8dd020d9c3d10b752dd4c862b2e56a6a2a4aa9af10

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 6 IoCs

Processes:

svchost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\IdentityCRL\Immersive\production\Property	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Property\00184006752482DB = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79ef4adb8e2df4e96c16fb9ef12577e00000000020000000000106600000001000020000000f4cc4061781061aeb903b4d628e4702320cc3f23a980c83aab266961474de0be000000000e8000000002000020000000a622d7dec47f2ef97cca6f1eb764a945890f9e04e2bcdfc6a01334e1c4a3d9ac80000000e0e31bc40a93e9ab8600779b921eae3d682f8809223c4579fdad756de924a065bd45da51f99e59562fd5c2baf9dd368c5d52c640528328549d9b7d4aa75d2ec91564067340c4292244edfadbdaf277f4dc21a9b2e7d77e74b28b0dfab66444090e163e5cf3bb6a4e23cbe0182ac96503be6151513d12402556c2c34f9169af414000000052d4a68c5f7009c32ee726666ec3dc01a9ade4ce723b25c0ff96a473eb0b9ef0cad5586f9626feab9e583c2c365a3195587f877448b88713c4f092f47eb120da	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}	svchost.exe
Set value (data)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\DeviceTicket = 0100000001000000d08c9ddf0115d1118c7a00c04fc297eb01000000d79ef4adb8e2df4e96c16fb9ef12577e00000000020000000000106600000001000020000000adafb66a3e8c78d5bbad27e91bb09ad82bb4fb37243bd85caa98434da1803c04000000000e8000000002000020000000a11dbd36bd13c941fd50316531c9598388c9e49c15a8b020ca9e73daab696112200d00008164db7969e481a8e05361a29f8023313a2a84f68152afb18171f3ad1331785f6a666f4ed68bcad4a1a3afc9ab423041a60452ef8ae5457a9cce278617afc775130400986841bc2676ec2c887ea3536857e76ebca353a80914eda844a81f7d372f56a3c22812ada53b805d002f93ba63a7b8eccc0b229a6f123e421775ff80a03580759b3f3f705232aeb3935581af462db9049c978ff6edd9ed28d728afc366b42fe70251aaef8cf4fc71f908537bdfce599caf22379cb6e416ebb5bca954b60f88a5fdbdd8e02915b0c6ae42570e1738cb6a92eae54aa0cab942d7d7ee1c8b646406fc872cb24715fa04b69ce12078cdf80a3e49256d1b18cd1d45f6bd3d9c3b518bdfec1494f93db2d785357d7f9aaa4838147db81bb5725e35c6d99f9074e146de93d0da1e93ac36f72fc209bfdba92fc5b04efa332645858c3595c0337b709e2d748840d7d59858c1478014cc223b364c5f23f99023786b72c78162ea6ccba9ee846a6379cf2602701b47304e0e6316f1e8174f590c41e43f4ae1833821e48d895ab98b2d819a1346dd2987c6b3358f973dd6524263f5fee05247f562debb501ab404ea15f133faf25b797acb3015086220bdbf230fbbb26da3df4280a58b1cc741d0c422da758251ea370322726a1419782665d1e63bf9419cb88dae7c6de2881b4df539a60955d0e67753ff4e4a286a880ebb5f7e8a97104936579f693f86b981b7536fbf805bc635f81a81d5634ae7da766a9dbaf1e390bb5fa18d4da49d6b1ee95ba15015a762bcf919f8f9bb90daaa2edfbd42ccdf36ad516ffb9f150022659e832469510cde708875d9c60be5773eda46b5520cd41574fcb98101cc5a8b6bd45c9c251967dee7ec40dd173b04b7ce0071833f07e23b815a7d9cb7087b936465786aa8321606c0a47e5528fe9ab5f1d51d48e0da0b27d887cb12513b9e3a9ca266a23f469cd105010936d9282b4d7471850d398eaf5567742b74b11ccdfd4732a211c2c924c54cb8a5b7965a0a7124cea849487f9ff1a72e331e81a1ef056eb6db54307fe7c1b654eb5d937a8cd8f4443cbbc2efd8ac0a59bf70bd0a6a2d91a5fb799cea9ee35b02ebaa5e742cc7e323b4dcba4d16cc805673d99593d4d1d25df84e0de10983d9bc50734c8ad607de15e8c8171fde469ef29c601cb3e4a9c919d7259b642cf143f97064743e47f40718cb0ace1977b649c45147d16e6bf6a2f91772c0f5d73c9ac2a1cd68d941d9e4d9ad212d4b258aa89d1ea1f99882c97ffc79c26a17b618052b3a9f6e926a1cf9c6454eca426b74a4f19a9df8a2251bead7a52089b0dbf6c04b9ebc660346daace7b2aa07d962b8a20aceca4401d92e0ec30bfc9a6ceb8fcdc9f2eb2b0e38c05409cc805fde317b7093a0e760e1e2fa2617bcf8bab06dcb54d755035d2e2a9a9f2dd91a4fadf3f9bbb48d374c36e36f40410cd790478c5a00bb654dea3409ad1249d4a15905c29927afe14d8e8acab541cdca5c03fa99c80b2b6b35121a11966682dd1c16501daca60e58558003bc9f716466e4762c9c659ae139d9dc15a8dc52c42ddcf3880f1ed381c373cadce04859584d8c75c82660560c73911fafca6c2eb9bca783d8456e58f58975a43547f375c59d7a9e61383efc53bfecbc449d8c3b560f24f61079f6d84d77be5a3317ab05742fbfc5a24108f743d48be5fb3a4331e84eba414232ce5d1c265f052082fffc2b664feb55e5c1a89b4c44b602f2fd0bb6e43ade160e37e91475ed49f34d55b01450d2f1da424720ef958acf48bd77b199860f55b919dd68a1331e91b2e06819ef87759b0fe94e45de9299827c1173aab56b4910f9ea452defcb211f2dab496678d931e7017c42c4100b4d45021010c9cfa7a69d3a0e3c58ce4ed42320202f9075c6c938d90310f9f45266323db8ac811855a9e9f98e76e282e6b1aaf45b2972733bcc98f54339dfb80d957be4b7bac4d3ff6ef55e2687649acab27a70beb4490098ea578856c1ee7ef9991b110cc825b9e19a7467022a2e52958521e663551f1eba42b194d21ced130b7558b719b06c3012861a406980bc4220da7443079406934b55415623cef0e5e9953160006a73c4a9a150f02e430426f8e71f9b9892686af1d5c74a0aca176fe89d43039a29e9cf7ae78cda4861e1b5c983edae3c9d4b0e0263636cad48572754dcfd17eb754e919f3a699860b480bd199bddb597d70133d07685ec5a85723e15230d9cd1f5c9cfe7aa55acfe16221556744b19f59e80d4cf71aaf2ff9399d01dac5b2961b0dd127f930e50829fced0ad9e4dd9053deee4b742d7d486d51383e3223c04e6765622774cee89267f8a74f147f5c6af329b11288b21e3639d18ded4e216865decd9da0ee9bbb546141bafc07c31fea96100d1268d1b95e7b1af48c700f6e19c6ef76d44a6419c71950a03899194c53d43f13d12869dbf75d15c6a7036939ca9b2d7f8274da3b9bfc14b1b1e89237bd9d6a8feb54573582da0797267c0504a5144d2a823e1cc01769afe171c3e7344abe119bea836da5b80baf0b98a6ef878592449a98d8b4ea61ab1d0a738d4bb98d9887eedba6dfc75e46d8acd23e04f15f5b91fdf115e40a05a33dbaddfe90b633f0bb8f140d0690dea92ee12805bf57d17773fafad30cb7fda8ac54ed0074eea30a1e0fc5b85b26e1ec722e913337f7d089569fd9de48f3646b9239808845c5769750d565b2d27ce9a2d602b5cf078ac8f46d58288c8fd57cd3a1063b37d40a8b7394b76b3b260ea262b0a6822d82867cbdc99547bf955b4659dff79a56d5d079a9500657bc2f31dec935f87eadf95a5ae7ba19d84d97c0348e58087655b82ffde2764d2ea99c69c3b555791c993c332d2ba2f28bccb790e3805008f385773240407f4cffd813d039f048821e78f2fb91054b04b62f6e6eb88a63bc6f30022be48fdfa94f7c70d14b93407cc31b2427f3c507eb02fcadf9b974e36abf859e570bdb7ca8a5f8fb3609c24362c45100e91475895bba90cce9b6663077b24741b8f4adeab78ea66df7f87319bf8d15594ddae3067ae5ae6b444903b270fe30dab7c8444e6635337ce2e843ba0da04611aa6e660e46ab4448564318ca2708ed482afe05c17d7fc57c3112d384c274d0aacf69f567edf6f7651d7b201a8824e1893c1389a6ad6f4cc196edc89c603df788449068cc782f782e973e07c02b3b4bd8fdb44e6c36c370b711f7d14c6bbf5f6f8661b90714e4c4ed9d08b170bc4d7d166a55946869f17ba7c71cabaa21530555bcec3ca883e410b6ec9d1104021ba28d5f8874ec47283fb5e03dd855c98bb20baba54ffc9e91584f1202e104d00416ea760a7f5083998f1c1fafd0f70a8882725eb7f7ea997b1fa873eee01f052df8e01c8d5811789e1dea305d4a011a8ee702a2c599d20ca1121d56fb75bb646a788a28a9f1a4deadea025ff184b09b0b3dfa11fa9df096e2b4c4ad0f44acc036c46fefbf27866e155609864d6e24da184af541b66b4a65659c64c2bf32174a6faa1092cbafd06d387e043e2de5bc411d4ddeb4b0c6a2944daba563c8af8ebdaa42448e279f781cc7ceee5d1ff7d54ba94d98f3c9196e99ceea89d1d72aeee99e97df83e67a0c9250c7fb12b4e647f6c79da0a2fbc479e3272d8483c8eaff9af427206f892ef01de85bdcedab25c6f6cbf74735864feb0c7685b95bf1cf38a4a8641107d6e09a6d594f17286f3e61216882403e0aa94d8da615bb751432904464a4f3ecb65878d851726bbb016977635d7ca37ebfb81e012e139e6c289a4b18cf3c4cdc03c5152636196979938d91b9a6a784538b45901a7dfe2ff2e134b9fa4123bc9d9e95951b2fae3b09fccc9c3749ee5e1c2d9204a8ebe39e3ab70826dd17a37c8fdd7f728972cb6e41fe5737da19fb83698abd9042680c33e7b7092c1a719be6de1d311a372529ebd5c2c906411d89c2eb44bae59aab4dd17bb3036052d029a773fc77e39662a8dbb44ddcd1e10ad38e23e21ee4d81a5ec03aca283b54e2c88373431fb5c453b2e53e18854c571a8a9cf3025d82c41cc04afd9dbcec86f6c0465552d3aa4551b4073ea3bb15254971f4aebc141753407d7a5745bc53ea3a5aad3ae07013cdd4394cd403dfaa599142b05f0f507dfcc863a35c6237b30741f4727cc2ca762a2ed2feef496155f6801aa9d29c5a6d58e09be57404aaa615a728eed801972d2dfd370411526683f95f077e4f86d21e7346b5cda31cfc81cae80f02cc100c63c4d253445084908d590b222a073c55cfc77393ef9c260981e435543586732e6f248226cc77f48fb72139f6f9de9b37b785671032fc8a0894700e6954d2fdec6c87b4cd40f221ba2e8ebed1e3fee871d8cde5bc58ab96c120514bdd19fc0c90f9fd04b7d72ed80180abd67b6578926bca44f198555a6f958fa32c94fe71009b299f4a43362a7388d70308f4d8853400c3ee75d69d707f8749dae3c047023ef337cbad8d08d282f537f1df3e8539225eabffc12ac9167e21de8432acb2ef1c720f1bbfbc5462c559dedffbb83d3474021365a306c811f6907bd2a02f9dd5eb2b43b00cbe7b72c7968d90c42b4be6806d68083c8e1d1a6fa6bf68f7a82d4931194249afee997b5fa5a44a10116ad4d2e106ba55d9751b3f8247fc38ca720a061a176af42ae2dbed4c79ef7db4f9a9e170954dc8783d342e61a51a1ebfab93a56435f9a114bdd7cac26c9ee479b26c803278453045970c0847a932d0dfb694000000050e438c858bb571bb719427aefd76adf372cea78a7fbf3cae812b8069514b887011b44c05b176671c6defa9d902d9f6a4e2b02b73a0abf1dc4ab90375490afcf	svchost.exe
Set value (str)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\DeviceId = "00184006752482DB"	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\IdentityCRL\Immersive\production\Token\{D6D5A677-0872-4AB0-9442-BB792FCE85C5}\ApplicationFlags = "1"	svchost.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73.exe

description pid process

Token: SeDebugPrivilege 4328 48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73.exe

description	pid	process
Token: SeDebugPrivilege	4328	48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73.exe

C:\Users\Admin\AppData\Local\Temp\48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73.exe
"C:\Users\Admin\AppData\Local\Temp\48386b5e10af37dba31932d2695083372589cf4eb0b2842eeaad610ffe39ec73.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4328

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
- Modifies data under HKEY_USERS
PID:824

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4328-134-0x0000000006450000-0x0000000006474000-memory.dmp

Filesize
144KB

Download
memory/4328-135-0x00000000064C0000-0x00000000064F2000-memory.dmp

Filesize
200KB

Download
memory/4328-136-0x0000000000400000-0x00000000046E1000-memory.dmp

Filesize
66.9MB

Download
memory/4328-137-0x0000000008E50000-0x00000000093F4000-memory.dmp

Filesize
5.6MB

Download
memory/4328-138-0x0000000009400000-0x0000000009A18000-memory.dmp

Filesize
6.1MB

Download
memory/4328-139-0x0000000009A90000-0x0000000009ACC000-memory.dmp

Filesize
240KB

Download
memory/4328-140-0x0000000009AD0000-0x0000000009AE2000-memory.dmp

Filesize
72KB

Download
memory/4328-141-0x0000000008E44000-0x0000000008E46000-memory.dmp

Filesize
8KB

Download
memory/4328-142-0x0000000009CA0000-0x0000000009DAA000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads