7796299a047d845ad87b24132b7bb8b337979e3e8abf22d68a9194bf24e6a88a

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07/10/2023, 21:40

Target

SecuriteInfo.com.Backdoor.Poison.31461.8631.exe
Size

43KB
MD5

96748718dcd5f0b062f37938f51a0fd9
SHA1

3ba0b1bcf944c5f05537180048a2fe21cfc00f36
SHA256

7796299a047d845ad87b24132b7bb8b337979e3e8abf22d68a9194bf24e6a88a
SHA512

8bb022e538691cd138c9e2aff708094748ac3e13d51563a330a1e48e8a56cc71b39f6e2c7d3d350d65cf2e01fdb13040a1994e8e04ce269302e70b8a5eb4c4cc
SSDEEP

768:UBp1qOM/rDdS86vrrnoSiK+zLSBxSuGiq65H0WVKs+EIPu2y/gK63+Rklzr:Ub1NLXvrrnofzAxSXiq65HYs+xTy/I+C

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1072	svchost.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Backdoor.Poison.31461.8631.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Backdoor.Poison.31461.8631.exe"
1⤵
PID:2080

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2136

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1072

memory/1072-0-0x000001E0AF640000-0x000001E0AF650000-memory.dmp

Filesize
64KB

Download
memory/1072-16-0x000001E0AF740000-0x000001E0AF750000-memory.dmp

Filesize
64KB

Download
memory/1072-32-0x000001E0B7A60000-0x000001E0B7A61000-memory.dmp

Filesize
4KB

Download
memory/1072-34-0x000001E0B7A90000-0x000001E0B7A91000-memory.dmp

Filesize
4KB

Download
memory/1072-35-0x000001E0B7A90000-0x000001E0B7A91000-memory.dmp

Filesize
4KB

Download
memory/1072-36-0x000001E0B7BA0000-0x000001E0B7BA1000-memory.dmp

Filesize
4KB

Download