198828ec5c03ed4335959cc93b16e34cb7a0a8e7ba329d4de6e81a714b684064

Analysis

max time kernel
141s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
07/10/2023, 04:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2100-81-0x00000000033F0000-0x0000000003521000-memory.dll
Size

1.2MB
MD5

284c192e526e82420bcf81e3940bba02
SHA1

4c28c6c6f94bf335f308b28b7a9c8aef28f25a72
SHA256

198828ec5c03ed4335959cc93b16e34cb7a0a8e7ba329d4de6e81a714b684064
SHA512

129a61f0f89e31e6f36d32cd12b2f8d0616211575b4ea9321c4e7c022d931fef640e6de22050b7c5de55e833854a0fd49376939b4dc6b3964f444c967c0bda80
SSDEEP

24576:3C7CI9TZDEWk1wCy0zaG9cQA+1ftxmbfYQJZKiZRy4:7I99DEWVtQA+Zmn0iZ0

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3180	svchost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2100-81-0x00000000033F0000-0x0000000003521000-memory.dll,#1
1⤵
PID:4248

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4224

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3180-0-0x0000016FCA350000-0x0000016FCA360000-memory.dmp

Filesize
64KB

Download
memory/3180-16-0x0000016FCA450000-0x0000016FCA460000-memory.dmp

Filesize
64KB

Download
memory/3180-32-0x0000016FD2A40000-0x0000016FD2A41000-memory.dmp

Filesize
4KB

Download
memory/3180-33-0x0000016FD2A70000-0x0000016FD2A71000-memory.dmp

Filesize
4KB

Download
memory/3180-34-0x0000016FD2A70000-0x0000016FD2A71000-memory.dmp

Filesize
4KB

Download
memory/3180-35-0x0000016FD2A70000-0x0000016FD2A71000-memory.dmp

Filesize
4KB

Download
memory/3180-36-0x0000016FD2A70000-0x0000016FD2A71000-memory.dmp

Filesize
4KB

Download
memory/3180-37-0x0000016FD2A70000-0x0000016FD2A71000-memory.dmp

Filesize
4KB

Download
memory/3180-38-0x0000016FD2A70000-0x0000016FD2A71000-memory.dmp

Filesize
4KB

Download
memory/3180-39-0x0000016FD2A70000-0x0000016FD2A71000-memory.dmp

Filesize
4KB

Download
memory/3180-40-0x0000016FD2A70000-0x0000016FD2A71000-memory.dmp

Filesize
4KB

Download
memory/3180-41-0x0000016FD2A70000-0x0000016FD2A71000-memory.dmp

Filesize
4KB

Download
memory/3180-42-0x0000016FD2A70000-0x0000016FD2A71000-memory.dmp

Filesize
4KB

Download
memory/3180-43-0x0000016FD2690000-0x0000016FD2691000-memory.dmp

Filesize
4KB

Download
memory/3180-44-0x0000016FD2680000-0x0000016FD2681000-memory.dmp

Filesize
4KB

Download
memory/3180-46-0x0000016FD2690000-0x0000016FD2691000-memory.dmp

Filesize
4KB

Download
memory/3180-49-0x0000016FD2680000-0x0000016FD2681000-memory.dmp

Filesize
4KB

Download
memory/3180-52-0x0000016FD25C0000-0x0000016FD25C1000-memory.dmp

Filesize
4KB

Download
memory/3180-64-0x0000016FD27C0000-0x0000016FD27C1000-memory.dmp

Filesize
4KB

Download
memory/3180-66-0x0000016FD27D0000-0x0000016FD27D1000-memory.dmp

Filesize
4KB

Download
memory/3180-67-0x0000016FD27D0000-0x0000016FD27D1000-memory.dmp

Filesize
4KB

Download
memory/3180-68-0x0000016FD28E0000-0x0000016FD28E1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads