76e3dbab3672c60e088f0f847a6689b6d89b188fb8352dea1c3aae92677ad776

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
05/10/2023, 17:20

Target

76e3dbab3672c60e088f0f847a6689b6d89b188fb8352dea1c3aae92677ad776bat_JC.vbs
Size

1014KB
MD5

154053ada40acec9b18934355d19199a
SHA1

4479454f529f1c0241f7812523dd8f77a6e61cf7
SHA256

76e3dbab3672c60e088f0f847a6689b6d89b188fb8352dea1c3aae92677ad776
SHA512

073eb3c11842ad387fc1206aa138b8f85f92a9c924204cfc1650c5af95438c991358921951cf6b0efc296434e2d391094cf64b0def8f06c5f692f3e51e2c5281
SSDEEP

12288:LJ7GgeuE+Na1cZih2DlayjoXIR8ncldmwJdj873gIZj5atz/CG6KqjogCSayDQmV:NvNNkc9J/kXkycldmkEyJKBsgCSayEzu

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4108	svchost.exe

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\76e3dbab3672c60e088f0f847a6689b6d89b188fb8352dea1c3aae92677ad776bat_JC.vbs"
1⤵
PID:4456

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3568

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4108

memory/4108-0-0x000002FDD8340000-0x000002FDD8350000-memory.dmp

Filesize
64KB

Download
memory/4108-16-0x000002FDD8440000-0x000002FDD8450000-memory.dmp

Filesize
64KB

Download
memory/4108-32-0x000002FDE0730000-0x000002FDE0731000-memory.dmp

Filesize
4KB

Download
memory/4108-34-0x000002FDE0760000-0x000002FDE0761000-memory.dmp

Filesize
4KB

Download
memory/4108-35-0x000002FDE0760000-0x000002FDE0761000-memory.dmp

Filesize
4KB

Download
memory/4108-36-0x000002FDE0870000-0x000002FDE0871000-memory.dmp

Filesize
4KB

Download