6a2ca88fcf5b0cdb1cccb36841545b6543bb4e451d081567e90f8b07b381dcb8

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2023, 07:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fish_bot_3.10 - 快捷方式.lnk
Size

1KB
MD5

04bc0f26744140425611e32f576c951d
SHA1

ee3e93221186cbac445182103cb9525a004346df
SHA256

6a2ca88fcf5b0cdb1cccb36841545b6543bb4e451d081567e90f8b07b381dcb8
SHA512

bed77a622fb7543cd58cab860a932efdce2e6a194ffe71e9364668f822a81d92e35f54fc459801b8cfe1e2188f4390bfc70ae43039053a478605e02a9e6080bc

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4388	svchost.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\fish_bot_3.10 - 快捷方式.lnk"
1⤵
PID:3932

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3528

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4388

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
3f6f2966874d9876cf408fd9228ba127

SHA1
8b488019a5da16c2d12c8da5f7f6b400c24fde89

SHA256
9a5a0f754dbca93af95ce1323d77c2acd1da1db1b9ab1020f557e46ed76ccfed

SHA512
6f6ba64772af6ef47e01938f6b8c68b58ab412e29c34a9a91392549c0d62e0ea5d313c10d5bd0cd5f28ea0a5fe7757ec53432397d0c1a1353a2b889d9c1ed813

Download Submit
memory/4388-173-0x00000224D4170000-0x00000224D4171000-memory.dmp

Filesize
4KB

Download
memory/4388-175-0x00000224D4170000-0x00000224D4171000-memory.dmp

Filesize
4KB

Download
memory/4388-166-0x00000224D4170000-0x00000224D4171000-memory.dmp

Filesize
4KB

Download
memory/4388-167-0x00000224D4170000-0x00000224D4171000-memory.dmp

Filesize
4KB

Download
memory/4388-168-0x00000224D4170000-0x00000224D4171000-memory.dmp

Filesize
4KB

Download
memory/4388-169-0x00000224D4170000-0x00000224D4171000-memory.dmp

Filesize
4KB

Download
memory/4388-170-0x00000224D4170000-0x00000224D4171000-memory.dmp

Filesize
4KB

Download
memory/4388-171-0x00000224D4170000-0x00000224D4171000-memory.dmp

Filesize
4KB

Download
memory/4388-172-0x00000224D4170000-0x00000224D4171000-memory.dmp

Filesize
4KB

Download
memory/4388-177-0x00000224D3D90000-0x00000224D3D91000-memory.dmp

Filesize
4KB

Download
memory/4388-165-0x00000224D4150000-0x00000224D4151000-memory.dmp

Filesize
4KB

Download
memory/4388-174-0x00000224D4170000-0x00000224D4171000-memory.dmp

Filesize
4KB

Download
memory/4388-133-0x00000224CBA60000-0x00000224CBA70000-memory.dmp

Filesize
64KB

Download
memory/4388-176-0x00000224D3DA0000-0x00000224D3DA1000-memory.dmp

Filesize
4KB

Download
memory/4388-179-0x00000224D3DA0000-0x00000224D3DA1000-memory.dmp

Filesize
4KB

Download
memory/4388-182-0x00000224D3D90000-0x00000224D3D91000-memory.dmp

Filesize
4KB

Download
memory/4388-185-0x00000224D3CD0000-0x00000224D3CD1000-memory.dmp

Filesize
4KB

Download
memory/4388-149-0x00000224CBB60000-0x00000224CBB70000-memory.dmp

Filesize
64KB

Download
memory/4388-197-0x00000224D3ED0000-0x00000224D3ED1000-memory.dmp

Filesize
4KB

Download
memory/4388-199-0x00000224D3EE0000-0x00000224D3EE1000-memory.dmp

Filesize
4KB

Download
memory/4388-200-0x00000224D3EE0000-0x00000224D3EE1000-memory.dmp

Filesize
4KB

Download
memory/4388-201-0x00000224D3FF0000-0x00000224D3FF1000-memory.dmp

Filesize
4KB

Download