a14257e6a94ea6444a74f74b3f3f7a4f4f930576362d8c2d7fb0615ff9916ce7

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
03/10/2023, 04:49

Target

Azienda.url
Size

192B
MD5

52aa02b4f67f2f504fcb991e6d094e58
SHA1

87e772a1597eba6b20bb750fd79c9ac30738229a
SHA256

8bb04ebea49b92e090b777efedfa44c8aa881a5531a0791f7f2404d0d50f9963
SHA512

e5baa8bbce30f1ca6c64705b9145454857c02f2a27308fc27b07c145517cbd3ccbde2cb57f94459df9fe4311a82cb3607f097a6219286f1d9eca44b953d54be4

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4408	svchost.exe

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\Azienda.url
1⤵
PID:2984

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1728

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4408

memory/4408-0-0x000001BF95240000-0x000001BF95250000-memory.dmp

Filesize
64KB

Download
memory/4408-16-0x000001BF95340000-0x000001BF95350000-memory.dmp

Filesize
64KB

Download
memory/4408-32-0x000001BF9D650000-0x000001BF9D651000-memory.dmp

Filesize
4KB

Download
memory/4408-34-0x000001BF9D680000-0x000001BF9D681000-memory.dmp

Filesize
4KB

Download
memory/4408-35-0x000001BF9D680000-0x000001BF9D681000-memory.dmp

Filesize
4KB

Download
memory/4408-36-0x000001BF9D790000-0x000001BF9D791000-memory.dmp

Filesize
4KB

Download