570c9d08be0d35e319bfa9e00656734ad985eb05e8f99c7ae5156468c9f274e7

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2023, 07:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

빨간펜.exe
Size

258KB
MD5

9ecaa57b13565fb5c99a94cf6d0088de
SHA1

e5f9e45d1050b89e9cadc74a60455f3c4dfe4ff9
SHA256

570c9d08be0d35e319bfa9e00656734ad985eb05e8f99c7ae5156468c9f274e7
SHA512

35a0cf585ee0b02347062cb1c9a4b1e6bd33de4d8884fa173e6cea432ffcddf755a3ceee924d7210232c3869c2c5ec7ffa12a21be44bafb2fe10d50d38bb578b
SSDEEP

6144:QMX+ZwNPbMIFMUJ3IInUchQkFpVgFmH9PV0z2sdP:jOZwbZ3IoGkFpVga9Phsp

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1368	svchost.exe

C:\Users\Admin\AppData\Local\Temp\빨간펜.exe
"C:\Users\Admin\AppData\Local\Temp\빨간펜.exe"
1⤵
PID:1044

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4476

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1368

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
1a793dd6649b9088b0e510f0a19ced2f

SHA1
934c88e9cc56da330f20502fefdba46b2c15bc28

SHA256
8f77e95e093b9a748c02b5bd556b9338e350f975335f9df256ebef5b6d6026e9

SHA512
8e158ac02a43bb9b3721227369c86e108c993d16feff597e895d4d6753efd29fa07e7f56796f2c2e93ce322b3f163d0eb792d4b893957f1fc9e74c83e70624b5

Download Submit
memory/1044-0-0x0000000000400000-0x0000000000420000-memory.dmp

Filesize
128KB

Download
memory/1368-52-0x000001DB12000000-0x000001DB12001000-memory.dmp

Filesize
4KB

Download
memory/1368-53-0x000001DB12000000-0x000001DB12001000-memory.dmp

Filesize
4KB

Download
memory/1368-44-0x000001DB10E00000-0x000001DB10E01000-memory.dmp

Filesize
4KB

Download
memory/1368-45-0x000001DB10E00000-0x000001DB10E01000-memory.dmp

Filesize
4KB

Download
memory/1368-46-0x000001DB10E00000-0x000001DB10E01000-memory.dmp

Filesize
4KB

Download
memory/1368-47-0x000001DB10E00000-0x000001DB10E01000-memory.dmp

Filesize
4KB

Download
memory/1368-48-0x000001DB10E00000-0x000001DB10E01000-memory.dmp

Filesize
4KB

Download
memory/1368-49-0x000001DB10E00000-0x000001DB10E01000-memory.dmp

Filesize
4KB

Download
memory/1368-50-0x000001DB10E00000-0x000001DB10E01000-memory.dmp

Filesize
4KB

Download
memory/1368-54-0x000001DB10A20000-0x000001DB10A21000-memory.dmp

Filesize
4KB

Download
memory/1368-43-0x000001DB10DD0000-0x000001DB10DD1000-memory.dmp

Filesize
4KB

Download
memory/1368-27-0x000001DB08840000-0x000001DB08850000-memory.dmp

Filesize
64KB

Download
memory/1368-51-0x000001DB10E00000-0x000001DB10E01000-memory.dmp

Filesize
4KB

Download
memory/1368-55-0x000001DB10A10000-0x000001DB10A11000-memory.dmp

Filesize
4KB

Download
memory/1368-57-0x000001DB10A20000-0x000001DB10A21000-memory.dmp

Filesize
4KB

Download
memory/1368-60-0x000001DB10A10000-0x000001DB10A11000-memory.dmp

Filesize
4KB

Download
memory/1368-63-0x000001DB10950000-0x000001DB10951000-memory.dmp

Filesize
4KB

Download
memory/1368-11-0x000001DB08740000-0x000001DB08750000-memory.dmp

Filesize
64KB

Download
memory/1368-75-0x000001DB10B50000-0x000001DB10B51000-memory.dmp

Filesize
4KB

Download
memory/1368-77-0x000001DB10B60000-0x000001DB10B61000-memory.dmp

Filesize
4KB

Download
memory/1368-78-0x000001DB10B60000-0x000001DB10B61000-memory.dmp

Filesize
4KB

Download
memory/1368-79-0x000001DB10C70000-0x000001DB10C71000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads