2209eaa2b63cc3b6d0cf81878dcf11453e05005dcf9c849d6665a8e171cb7b00

Analysis

max time kernel
141s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
23-09-2023 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2209eaa2b63cc3b6d0cf81878dcf11453e05005dcf9c849d6665a8e171cb7b00.dll
Size

51KB
MD5

a93651b795e2765867835a236da9d3bd
SHA1

9974fe39bba30e3325938217a91c66b893099a4a
SHA256

2209eaa2b63cc3b6d0cf81878dcf11453e05005dcf9c849d6665a8e171cb7b00
SHA512

aa278bd20565e4b61e489946ad0a9239296d081e12652d3380d28da2c0c9de91b42fd8db9f7c7bc3b30f8a96360d492e57f3ade7114d9dcf45b1dffe0029e76d
SSDEEP

1536:1WmqoiBMNbMWtYNif/n9S91BF3frnoLaJYH5:1dWubF3n9S91BF3fboOJYH5

Score

1^/10

Malware Config

Signatures

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
1108	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1004	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2492 wrote to memory of 1108	2492	rundll32.exe	81
PID 2492 wrote to memory of 1108	2492	rundll32.exe	81
PID 2492 wrote to memory of 1108	2492	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2209eaa2b63cc3b6d0cf81878dcf11453e05005dcf9c849d6665a8e171cb7b00.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2492
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2209eaa2b63cc3b6d0cf81878dcf11453e05005dcf9c849d6665a8e171cb7b00.dll,#1
  2⤵
  - Suspicious behavior: RenamesItself
  PID:1108

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:640

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1004

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
74ce9c00a8dfefade8940e6872775541

SHA1
d7c6e9fd5188a763ad3184f66de4f78588813caf

SHA256
7162d8fe7b78e101a11934d9c443ecbc457c2ec6477a58e2ff8c249b0769af01

SHA512
c75ae0640d1fb9662337c27c0eb3fd7fe57ad73261a7336c3cb0bf251ba2e532a8a91b5992a3102dfd0965f024d79e0c968624b775f97f3f5134779972d221e5

Download Submit
memory/1004-40-0x0000016BFCDC0000-0x0000016BFCDC1000-memory.dmp

Filesize
4KB

Download
memory/1004-33-0x0000016BFCDC0000-0x0000016BFCDC1000-memory.dmp

Filesize
4KB

Download
memory/1004-42-0x0000016BFCDC0000-0x0000016BFCDC1000-memory.dmp

Filesize
4KB

Download
memory/1004-34-0x0000016BFCDC0000-0x0000016BFCDC1000-memory.dmp

Filesize
4KB

Download
memory/1004-35-0x0000016BFCDC0000-0x0000016BFCDC1000-memory.dmp

Filesize
4KB

Download
memory/1004-36-0x0000016BFCDC0000-0x0000016BFCDC1000-memory.dmp

Filesize
4KB

Download
memory/1004-37-0x0000016BFCDC0000-0x0000016BFCDC1000-memory.dmp

Filesize
4KB

Download
memory/1004-38-0x0000016BFCDC0000-0x0000016BFCDC1000-memory.dmp

Filesize
4KB

Download
memory/1004-43-0x0000016BFC9E0000-0x0000016BFC9E1000-memory.dmp

Filesize
4KB

Download
memory/1004-0-0x0000016BF46A0000-0x0000016BF46B0000-memory.dmp

Filesize
64KB

Download
memory/1004-68-0x0000016BFCC30000-0x0000016BFCC31000-memory.dmp

Filesize
4KB

Download
memory/1004-32-0x0000016BFCD90000-0x0000016BFCD91000-memory.dmp

Filesize
4KB

Download
memory/1004-39-0x0000016BFCDC0000-0x0000016BFCDC1000-memory.dmp

Filesize
4KB

Download
memory/1004-44-0x0000016BFC9D0000-0x0000016BFC9D1000-memory.dmp

Filesize
4KB

Download
memory/1004-46-0x0000016BFC9E0000-0x0000016BFC9E1000-memory.dmp

Filesize
4KB

Download
memory/1004-49-0x0000016BFC9D0000-0x0000016BFC9D1000-memory.dmp

Filesize
4KB

Download
memory/1004-52-0x0000016BFC910000-0x0000016BFC911000-memory.dmp

Filesize
4KB

Download
memory/1004-16-0x0000016BF47A0000-0x0000016BF47B0000-memory.dmp

Filesize
64KB

Download
memory/1004-64-0x0000016BFCB10000-0x0000016BFCB11000-memory.dmp

Filesize
4KB

Download
memory/1004-66-0x0000016BFCB20000-0x0000016BFCB21000-memory.dmp

Filesize
4KB

Download
memory/1004-67-0x0000016BFCB20000-0x0000016BFCB21000-memory.dmp

Filesize
4KB

Download
memory/1004-41-0x0000016BFCDC0000-0x0000016BFCDC1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads