2aa5cc0e3a67d2aaa080ff0e22893f3478e467e983d6e99017a16ae09992d5c0

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-07-2023 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

icsu.exe
Size

161KB
MD5

6cd2df769b23201a6e5ca0e4bbdbb59b
SHA1

359b1926d9cb5063f66c3d191532de4f688b32af
SHA256

2aa5cc0e3a67d2aaa080ff0e22893f3478e467e983d6e99017a16ae09992d5c0
SHA512

24a5cdd30190e7a0d12e7067175082667639b489c241abcac06f284587fd7cf850d39235eb9ea16d43545b420d586e8875b6e8eb947bd25cf06d778ecf30b385
SSDEEP

3072:lSH5teUV07aedNqBcIjQCCVw/LQZsin01RdDBQcbiBginj8V3K12LB:YHreUV0ueX2/mVw/Lal01RJOcbijMd

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3740	svchost.exe

C:\Users\Admin\AppData\Local\Temp\icsu.exe
"C:\Users\Admin\AppData\Local\Temp\icsu.exe"
1⤵
PID:2860

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3708

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3740

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
8fdde29b52107ec0b387babad1bacf91

SHA1
3ccd43ae7189ef93e7042aaee85625d6314ff44d

SHA256
a3cb8114121d807f15e1cd9ed6278445e5c7ac6d8ffdb571bd4d2c61c53b2bfc

SHA512
984b8bb9e2e4a82b0b2d3cfee3318a398939c9671fac8556dc7be9893bde816c3d39fced4197db376421bb9864bc1e8fd226d4b74dfee9c5e8ed35ddf64c6bd8

Download Submit
memory/3740-173-0x000001636CFF0000-0x000001636CFF1000-memory.dmp

Filesize
4KB

Download
memory/3740-166-0x000001636CFF0000-0x000001636CFF1000-memory.dmp

Filesize
4KB

Download
memory/3740-175-0x000001636CFF0000-0x000001636CFF1000-memory.dmp

Filesize
4KB

Download
memory/3740-167-0x000001636CFF0000-0x000001636CFF1000-memory.dmp

Filesize
4KB

Download
memory/3740-168-0x000001636CFF0000-0x000001636CFF1000-memory.dmp

Filesize
4KB

Download
memory/3740-169-0x000001636CFF0000-0x000001636CFF1000-memory.dmp

Filesize
4KB

Download
memory/3740-170-0x000001636CFF0000-0x000001636CFF1000-memory.dmp

Filesize
4KB

Download
memory/3740-171-0x000001636CFF0000-0x000001636CFF1000-memory.dmp

Filesize
4KB

Download
memory/3740-176-0x000001636CD20000-0x000001636CD21000-memory.dmp

Filesize
4KB

Download
memory/3740-133-0x0000016364A40000-0x0000016364A50000-memory.dmp

Filesize
64KB

Download
memory/3740-200-0x000001636CE60000-0x000001636CE61000-memory.dmp

Filesize
4KB

Download
memory/3740-165-0x000001636CFD0000-0x000001636CFD1000-memory.dmp

Filesize
4KB

Download
memory/3740-172-0x000001636CFF0000-0x000001636CFF1000-memory.dmp

Filesize
4KB

Download
memory/3740-177-0x000001636CD10000-0x000001636CD11000-memory.dmp

Filesize
4KB

Download
memory/3740-179-0x000001636CD20000-0x000001636CD21000-memory.dmp

Filesize
4KB

Download
memory/3740-182-0x000001636CD10000-0x000001636CD11000-memory.dmp

Filesize
4KB

Download
memory/3740-185-0x000001636CC50000-0x000001636CC51000-memory.dmp

Filesize
4KB

Download
memory/3740-149-0x0000016364B40000-0x0000016364B50000-memory.dmp

Filesize
64KB

Download
memory/3740-197-0x000001636CE50000-0x000001636CE51000-memory.dmp

Filesize
4KB

Download
memory/3740-199-0x000001636CE60000-0x000001636CE61000-memory.dmp

Filesize
4KB

Download
memory/3740-201-0x000001636CF70000-0x000001636CF71000-memory.dmp

Filesize
4KB

Download
memory/3740-174-0x000001636CFF0000-0x000001636CFF1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads