b5aeb7b64a187baea1029b08db024f292f4e436ccbbbc38b040a765a7dfa6ee1

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2023 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ieinstal.exe
Size

493KB
MD5

c9edd394eb4d0996ee43cb67563df50c
SHA1

6888a6b34a6b2bdac0096a453c4e6f8d10e810f3
SHA256

cc57d54c0d17f5e786a75bc28ce2133499672fe378b6f62c8117f2f0c191e932
SHA512

eaabc79b810edcb7ec0c99011eb0f87f8b45c7ea3cea17a7c2bee4bbb4c9e811040977415936cc45de8adfcea1f2367b72ac17812d510172954641d5899b97d2
SSDEEP

6144:XXR616NN5sBwNw1rOt9pdYamXnrdbMKw7w1rOt9pdYamXnrdbMKw:XXRtRF+5OLpdNIrd4Ds5OLpdNIrd4D

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

svchost.exe

description pid process

Token: SeManageVolumePrivilege 744 svchost.exe

description	pid	process
Token: SeManageVolumePrivilege	744	svchost.exe

C:\Users\Admin\AppData\Local\Temp\ieinstal.exe
"C:\Users\Admin\AppData\Local\Temp\ieinstal.exe"
1⤵
PID:940

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3628

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
82aa8d6cf21f265b17a37d855e47db0b

SHA1
dbe287c5e02a0f9f53100f4386af89b56d716913

SHA256
86bc07fbe83ad1f8ff82a32c1ad3c4f18f314efaff17e71883e60e1562fca6c3

SHA512
758fe8544e81c31c336eaf216ca16b8b378370aea74b944d9afefa255d5dfd5baf248b2d4b37fa628cc76a086dcad7b4c592ecbb0a6b7b87d01ae617a8fc2cc2

Download Submit
memory/744-40-0x000001F068B00000-0x000001F068B01000-memory.dmp

Filesize
4KB

Download
memory/744-33-0x000001F068B00000-0x000001F068B01000-memory.dmp

Filesize
4KB

Download
memory/744-42-0x000001F068B00000-0x000001F068B01000-memory.dmp

Filesize
4KB

Download
memory/744-34-0x000001F068B00000-0x000001F068B01000-memory.dmp

Filesize
4KB

Download
memory/744-35-0x000001F068B00000-0x000001F068B01000-memory.dmp

Filesize
4KB

Download
memory/744-36-0x000001F068B00000-0x000001F068B01000-memory.dmp

Filesize
4KB

Download
memory/744-37-0x000001F068B00000-0x000001F068B01000-memory.dmp

Filesize
4KB

Download
memory/744-38-0x000001F068B00000-0x000001F068B01000-memory.dmp

Filesize
4KB

Download
memory/744-43-0x000001F068730000-0x000001F068731000-memory.dmp

Filesize
4KB

Download
memory/744-0-0x000001F060440000-0x000001F060450000-memory.dmp

Filesize
64KB

Download
memory/744-68-0x000001F068980000-0x000001F068981000-memory.dmp

Filesize
4KB

Download
memory/744-32-0x000001F068AE0000-0x000001F068AE1000-memory.dmp

Filesize
4KB

Download
memory/744-39-0x000001F068B00000-0x000001F068B01000-memory.dmp

Filesize
4KB

Download
memory/744-44-0x000001F068720000-0x000001F068721000-memory.dmp

Filesize
4KB

Download
memory/744-46-0x000001F068730000-0x000001F068731000-memory.dmp

Filesize
4KB

Download
memory/744-49-0x000001F068720000-0x000001F068721000-memory.dmp

Filesize
4KB

Download
memory/744-52-0x000001F068660000-0x000001F068661000-memory.dmp

Filesize
4KB

Download
memory/744-16-0x000001F060540000-0x000001F060550000-memory.dmp

Filesize
64KB

Download
memory/744-64-0x000001F068860000-0x000001F068861000-memory.dmp

Filesize
4KB

Download
memory/744-66-0x000001F068870000-0x000001F068871000-memory.dmp

Filesize
4KB

Download
memory/744-67-0x000001F068870000-0x000001F068871000-memory.dmp

Filesize
4KB

Download
memory/744-41-0x000001F068B00000-0x000001F068B01000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads