4859ab9cd5efbe0d4f63799126110d744a42eff057fa22ff1bd11cb59b49608c

Resubmissions

25-09-2023 22:58

25-09-2023 12:39

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
25-09-2023 22:58

Target

appx/es6-promise.min.js
Size

6KB
MD5

87386dc55ba8a0148b2b368daa730e3a
SHA1

721f69e52595a309169781c6fd9f31b5cb971b94
SHA256

c0e9849f5a195abee01fb0c70da42c232c6cc0ec226f67d54ab31975f2eedf9a
SHA512

d60c1edf9adba7440bdee328ddb80af8470aaa19b2bd90b03746738eefb066929d0c8a9b824fed7d64f22fc643ea9db27413747425917f635d681490ad098a67
SSDEEP

96:+0jEIlgBtFX762eQAl25zU2sycRu56+NUXvfRW2CjwqKbq5hizUfUAEvm0r/GzR:+NXt22vdcR1tqKbDAENrGR

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

svchost.exe

description pid process

Token: SeManageVolumePrivilege 4776 svchost.exe

description	pid	process
Token: SeManageVolumePrivilege	4776	svchost.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\appx\es6-promise.min.js
1⤵
PID:3652

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:484

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4776

memory/4776-0-0x0000027951180000-0x0000027951190000-memory.dmp

Filesize
64KB

Download
memory/4776-16-0x0000027951280000-0x0000027951290000-memory.dmp

Filesize
64KB

Download
memory/4776-32-0x00000279595F0000-0x00000279595F1000-memory.dmp

Filesize
4KB

Download
memory/4776-34-0x0000027959620000-0x0000027959621000-memory.dmp

Filesize
4KB

Download
memory/4776-35-0x0000027959620000-0x0000027959621000-memory.dmp

Filesize
4KB

Download
memory/4776-36-0x0000027959730000-0x0000027959731000-memory.dmp

Filesize
4KB

Download