fa9cdf313805897aeb57b3131d648bdced7a8832b447c408bc763d8f6492a8c0

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2023, 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fa9cdf313805897aeb57b3131d648bdced7a8832b447c408bc763d8f6492a8c0.exe
Size

389KB
MD5

09642fb107a9c9bc38aa7f2adc6b8514
SHA1

4f55be7e67522072475cf689c22cc7fffe971be5
SHA256

fa9cdf313805897aeb57b3131d648bdced7a8832b447c408bc763d8f6492a8c0
SHA512

b887ef0c5d3ac6c37fca75ffe55d3f2527b0ebe8d54ebdb9e6541f65231140d5fc2a8c5c8b202a976e5f0adcc4093e6d0a389ea056aa78cc92f2559e7b46763e
SSDEEP

6144:ELG1Y/OTWJVfhgupAcT93PiY+Fa7BdvGX:xG/1fJguzaY+FUB2

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3404	svchost.exe

C:\Users\Admin\AppData\Local\Temp\fa9cdf313805897aeb57b3131d648bdced7a8832b447c408bc763d8f6492a8c0.exe
"C:\Users\Admin\AppData\Local\Temp\fa9cdf313805897aeb57b3131d648bdced7a8832b447c408bc763d8f6492a8c0.exe"
1⤵
PID:960

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1492

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/960-0-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/960-1-0x0000000000400000-0x0000000000435000-memory.dmp

Filesize
212KB

Download
memory/3404-2-0x000001FA0D240000-0x000001FA0D250000-memory.dmp

Filesize
64KB

Download
memory/3404-18-0x000001FA0D340000-0x000001FA0D350000-memory.dmp

Filesize
64KB

Download
memory/3404-34-0x000001FA15920000-0x000001FA15921000-memory.dmp

Filesize
4KB

Download
memory/3404-35-0x000001FA15950000-0x000001FA15951000-memory.dmp

Filesize
4KB

Download
memory/3404-36-0x000001FA15950000-0x000001FA15951000-memory.dmp

Filesize
4KB

Download
memory/3404-37-0x000001FA15950000-0x000001FA15951000-memory.dmp

Filesize
4KB

Download
memory/3404-38-0x000001FA15950000-0x000001FA15951000-memory.dmp

Filesize
4KB

Download
memory/3404-39-0x000001FA15950000-0x000001FA15951000-memory.dmp

Filesize
4KB

Download
memory/3404-40-0x000001FA15950000-0x000001FA15951000-memory.dmp

Filesize
4KB

Download
memory/3404-41-0x000001FA15950000-0x000001FA15951000-memory.dmp

Filesize
4KB

Download
memory/3404-42-0x000001FA15950000-0x000001FA15951000-memory.dmp

Filesize
4KB

Download
memory/3404-43-0x000001FA15950000-0x000001FA15951000-memory.dmp

Filesize
4KB

Download
memory/3404-44-0x000001FA15950000-0x000001FA15951000-memory.dmp

Filesize
4KB

Download
memory/3404-45-0x000001FA15570000-0x000001FA15571000-memory.dmp

Filesize
4KB

Download
memory/3404-46-0x000001FA15560000-0x000001FA15561000-memory.dmp

Filesize
4KB

Download
memory/3404-48-0x000001FA15570000-0x000001FA15571000-memory.dmp

Filesize
4KB

Download
memory/3404-51-0x000001FA15560000-0x000001FA15561000-memory.dmp

Filesize
4KB

Download
memory/3404-54-0x000001FA154A0000-0x000001FA154A1000-memory.dmp

Filesize
4KB

Download
memory/3404-66-0x000001FA156A0000-0x000001FA156A1000-memory.dmp

Filesize
4KB

Download
memory/3404-68-0x000001FA156B0000-0x000001FA156B1000-memory.dmp

Filesize
4KB

Download
memory/3404-69-0x000001FA156B0000-0x000001FA156B1000-memory.dmp

Filesize
4KB

Download
memory/3404-70-0x000001FA157C0000-0x000001FA157C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads