Overview

overview

3

Static

static

3

sihost64.exe

windows7-x64

1

sihost64.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    143s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20/07/2023, 18:12

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    sihost64.exe

  • Size

    8KB

  • MD5

    efff024f5024a44cd78849a0d5bcfebf

  • SHA1

    465df43502a67b6cf96bf4f83f59ec5aa1055869

  • SHA256

    5656db6dde4162c87a1784aded93fbc68198a8ca97fb9fba50fa77fd5266ea45

  • SHA512

    26f806bd61c94f774695bd13505de8b1f72390e3d23026e9b15a0cb5e75c4faa50279716e9e58d697a322432a391dea24c0ae41d4a68eedca3036fc8987ddbd1

  • SSDEEP

    96:d6Ac5w59LKYnN792+s9xCYl8ao3dKrtdDFTIoDsIPWwOgzNt:oAF5HF92+sLD854tu4Wu

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sihost64.exe
    "C:\Users\Admin\AppData\Local\Temp\sihost64.exe"
    1⤵
      PID:3452
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:3796
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4396

      Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
              Filesize

              16KB

              MD5

              ac42f405eb4ea5835eff0acaf0345f6c

              SHA1

              62c8234eb5f905b852b0aa0d09bb6b0722dea1a2

              SHA256

              9d63a6d62fed36cab37127737ad3ba198be925a50aa96a7cb831a6add3601ee4

              SHA512

              d7983bb2fc43a6341cf6ab87092364bf2a5bb76d71472bf31b1e0e0bfc38c2bf3ed4bdb85b56b9e6f7117fa1284c32fcd7d2f069924321257cfb1b625c2b9553

              Download Submit

            • memory/3452-133-0x0000000000560000-0x0000000000566000-memory.dmp

              Filesize

              24KB

              Download

            • memory/3452-135-0x00007FFA0D950000-0x00007FFA0E411000-memory.dmp

              Filesize

              10.8MB

              Download

            • memory/3452-136-0x00007FFA0D950000-0x00007FFA0E411000-memory.dmp

              Filesize

              10.8MB

              Download

            • memory/4396-176-0x000001775ED20000-0x000001775ED21000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-179-0x000001775ED20000-0x000001775ED21000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-170-0x000001775ED20000-0x000001775ED21000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-171-0x000001775ED20000-0x000001775ED21000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-172-0x000001775ED20000-0x000001775ED21000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-173-0x000001775ED20000-0x000001775ED21000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-174-0x000001775ED20000-0x000001775ED21000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-175-0x000001775ED20000-0x000001775ED21000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-153-0x0000017756740000-0x0000017756750000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4396-177-0x000001775ED20000-0x000001775ED21000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-178-0x000001775ED20000-0x000001775ED21000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-169-0x000001775ED00000-0x000001775ED01000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-180-0x000001775E950000-0x000001775E951000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-181-0x000001775E940000-0x000001775E941000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-183-0x000001775E950000-0x000001775E951000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-186-0x000001775E940000-0x000001775E941000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-189-0x000001775E880000-0x000001775E881000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-137-0x0000017756640000-0x0000017756650000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4396-201-0x000001775EA80000-0x000001775EA81000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-203-0x000001775EA90000-0x000001775EA91000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-204-0x000001775EA90000-0x000001775EA91000-memory.dmp

              Filesize

              4KB

              Download

            • memory/4396-205-0x000001775EBA0000-0x000001775EBA1000-memory.dmp

              Filesize

              4KB

              Download