02b4c46c209ed74bcfdd68e227cdeab401208da70e435bc86786fccd5f3e020f

Analysis

max time kernel
142s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2023, 11:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

82ddc4754e1b1e2e877202f725d89726b8f4d909fc0a153234e3bb7e7a4a8b9f.exe
Size

3.9MB
MD5

5bc54b1323295686e57cb8f4bbfb934f
SHA1

193a9731fa3d2503202529c3335690f928597475
SHA256

82ddc4754e1b1e2e877202f725d89726b8f4d909fc0a153234e3bb7e7a4a8b9f
SHA512

dd86fc44b3ef776cbd85bebbe6a9c5bfdf8d15b13167192c900d1549969529016019b28e331ca216bad1ed632347b7d24d3863f860e08f51594d948d57d69eca
SSDEEP

98304:ABzjYz067yqu/mnFQOi33nFbO4KSgPTPgS8NAvKBUuY8cvwu3707iQMMvozFVrwO:J2vhBwM2dK

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2484	82ddc4754e1b1e2e877202f725d89726b8f4d909fc0a153234e3bb7e7a4a8b9f.exe
2484	82ddc4754e1b1e2e877202f725d89726b8f4d909fc0a153234e3bb7e7a4a8b9f.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2484	82ddc4754e1b1e2e877202f725d89726b8f4d909fc0a153234e3bb7e7a4a8b9f.exe
Token: SeManageVolumePrivilege	4956	svchost.exe

C:\Users\Admin\AppData\Local\Temp\82ddc4754e1b1e2e877202f725d89726b8f4d909fc0a153234e3bb7e7a4a8b9f.exe
"C:\Users\Admin\AppData\Local\Temp\82ddc4754e1b1e2e877202f725d89726b8f4d909fc0a153234e3bb7e7a4a8b9f.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2484

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1692

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4956

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2484-0-0x000001FEC8540000-0x000001FEC892C000-memory.dmp

Filesize
3.9MB

Download
memory/2484-1-0x00007FF8FBFD0000-0x00007FF8FCA91000-memory.dmp

Filesize
10.8MB

Download
memory/2484-3-0x000001FEC8CD0000-0x000001FEC8CE0000-memory.dmp

Filesize
64KB

Download
memory/2484-2-0x000001FEC8CC0000-0x000001FEC8CD0000-memory.dmp

Filesize
64KB

Download
memory/2484-4-0x000001FEC8CF0000-0x000001FEC8D16000-memory.dmp

Filesize
152KB

Download
memory/2484-5-0x000001FEC8D10000-0x000001FEC8D1E000-memory.dmp

Filesize
56KB

Download
memory/2484-6-0x000001FECA660000-0x000001FECA670000-memory.dmp

Filesize
64KB

Download
memory/2484-7-0x000001FECA670000-0x000001FECA67A000-memory.dmp

Filesize
40KB

Download
memory/2484-8-0x000001FECA680000-0x000001FECA692000-memory.dmp

Filesize
72KB

Download
memory/2484-9-0x000001FECA690000-0x000001FECA70C000-memory.dmp

Filesize
496KB

Download
memory/2484-10-0x000001FECA870000-0x000001FECA920000-memory.dmp

Filesize
704KB

Download
memory/2484-11-0x000001FEE4740000-0x000001FEE478A000-memory.dmp

Filesize
296KB

Download
memory/2484-12-0x000001FEE4790000-0x000001FEE47B2000-memory.dmp

Filesize
136KB

Download
memory/2484-13-0x000001FECA920000-0x000001FECA928000-memory.dmp

Filesize
32KB

Download
memory/2484-14-0x00007FF8FBFD0000-0x00007FF8FCA91000-memory.dmp

Filesize
10.8MB

Download
memory/4956-15-0x000002ADC9CA0000-0x000002ADC9CB0000-memory.dmp

Filesize
64KB

Download
memory/4956-31-0x000002ADC9DA0000-0x000002ADC9DB0000-memory.dmp

Filesize
64KB

Download
memory/4956-47-0x000002ADD2110000-0x000002ADD2111000-memory.dmp

Filesize
4KB

Download
memory/4956-49-0x000002ADD2140000-0x000002ADD2141000-memory.dmp

Filesize
4KB

Download
memory/4956-50-0x000002ADD2140000-0x000002ADD2141000-memory.dmp

Filesize
4KB

Download
memory/4956-51-0x000002ADD2250000-0x000002ADD2251000-memory.dmp

Filesize
4KB

Download