bffac5cab249ab84c12d13fb6ddf2d12f2f181b83fa2c6860da49c42bb537ba6

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2023, 03:56

Target

384-622-0x0000000003AF0000-0x0000000003C21000-memory.dll
Size

1.2MB
MD5

3ea21a7df77dc771e5ef640215bc2a6d
SHA1

5d63bff019d96c4724763749e4e27f4ad75f88ef
SHA256

bffac5cab249ab84c12d13fb6ddf2d12f2f181b83fa2c6860da49c42bb537ba6
SHA512

e1b2feb6090e1ebf0948a49ba23ce1769359d71e5137013eb941fd08bb5aa6f56b58ae3c5d3948e8df69f1801b9412cb8f1a8d6506037551a3b20a9dc99b2187
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQAu1ftxmbfYQJZK/Co:7I99DEWVtQAuZmn0a

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1164	svchost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\384-622-0x0000000003AF0000-0x0000000003C21000-memory.dll,#1
1⤵
PID:2012

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2312

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1164

memory/1164-0-0x0000020C8AA40000-0x0000020C8AA50000-memory.dmp

Filesize
64KB

Download
memory/1164-16-0x0000020C8AB40000-0x0000020C8AB50000-memory.dmp

Filesize
64KB

Download
memory/1164-32-0x0000020C92E90000-0x0000020C92E91000-memory.dmp

Filesize
4KB

Download
memory/1164-34-0x0000020C92EC0000-0x0000020C92EC1000-memory.dmp

Filesize
4KB

Download
memory/1164-35-0x0000020C92EC0000-0x0000020C92EC1000-memory.dmp

Filesize
4KB

Download
memory/1164-36-0x0000020C92FD0000-0x0000020C92FD1000-memory.dmp

Filesize
4KB

Download