b84cea4777322995e2cdbeb7e2031519330941358f3fad0ae403e48b36650eae

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2023 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15b7cb2818530bbf0b55ea608d85df1bd97004a8556a358c11f84dbb93b893f7.zip
Size

647KB
MD5

5ca6a9255f572d79acde3a20a3578473
SHA1

7e4c79d060ff45555c47a8c0f13e87a545c207e9
SHA256

b84cea4777322995e2cdbeb7e2031519330941358f3fad0ae403e48b36650eae
SHA512

e146fe494136c0317f4cef1d607039f08891d726447f17adc4302d6e82ba8c6b6bb5020b048385cd73339d6ecf8a5d53fb66b5659896ea83c04343b1aedeaeb9
SSDEEP

12288:0vtdSsePvWAmOznibtcheWc+ZI2aCJ2iPWBa//rIYtTveYdURn3BK7Ape8cOt/xB:AfSjPvWBOGbt6ehXEJbWQMYJveAUR3Bp

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1976	svchost.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\15b7cb2818530bbf0b55ea608d85df1bd97004a8556a358c11f84dbb93b893f7.zip
1⤵
PID:4876

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1520

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1976

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1976-0-0x0000024B6F360000-0x0000024B6F370000-memory.dmp

Filesize
64KB

Download
memory/1976-16-0x0000024B6F460000-0x0000024B6F470000-memory.dmp

Filesize
64KB

Download
memory/1976-32-0x0000024B77A50000-0x0000024B77A51000-memory.dmp

Filesize
4KB

Download
memory/1976-33-0x0000024B77A80000-0x0000024B77A81000-memory.dmp

Filesize
4KB

Download
memory/1976-34-0x0000024B77A80000-0x0000024B77A81000-memory.dmp

Filesize
4KB

Download
memory/1976-35-0x0000024B77A80000-0x0000024B77A81000-memory.dmp

Filesize
4KB

Download
memory/1976-36-0x0000024B77A80000-0x0000024B77A81000-memory.dmp

Filesize
4KB

Download
memory/1976-37-0x0000024B77A80000-0x0000024B77A81000-memory.dmp

Filesize
4KB

Download
memory/1976-38-0x0000024B77A80000-0x0000024B77A81000-memory.dmp

Filesize
4KB

Download
memory/1976-39-0x0000024B77A80000-0x0000024B77A81000-memory.dmp

Filesize
4KB

Download
memory/1976-40-0x0000024B77A80000-0x0000024B77A81000-memory.dmp

Filesize
4KB

Download
memory/1976-41-0x0000024B77A80000-0x0000024B77A81000-memory.dmp

Filesize
4KB

Download
memory/1976-42-0x0000024B77A80000-0x0000024B77A81000-memory.dmp

Filesize
4KB

Download
memory/1976-43-0x0000024B776A0000-0x0000024B776A1000-memory.dmp

Filesize
4KB

Download
memory/1976-44-0x0000024B77690000-0x0000024B77691000-memory.dmp

Filesize
4KB

Download
memory/1976-46-0x0000024B776A0000-0x0000024B776A1000-memory.dmp

Filesize
4KB

Download
memory/1976-49-0x0000024B77690000-0x0000024B77691000-memory.dmp

Filesize
4KB

Download
memory/1976-52-0x0000024B775D0000-0x0000024B775D1000-memory.dmp

Filesize
4KB

Download
memory/1976-64-0x0000024B777D0000-0x0000024B777D1000-memory.dmp

Filesize
4KB

Download
memory/1976-66-0x0000024B777E0000-0x0000024B777E1000-memory.dmp

Filesize
4KB

Download
memory/1976-68-0x0000024B778F0000-0x0000024B778F1000-memory.dmp

Filesize
4KB

Download
memory/1976-67-0x0000024B777E0000-0x0000024B777E1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads