5d27c0fae3a960df271728d0bc82c1184b403da3a5c26a618a0374d990f54827

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
09-10-2023 20:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d27c0fae3a960df271728d0bc82c1184b403da3a5c26a618a0374d990f54827.dll
Size

259KB
MD5

889abc42841743e4626f727792827783
SHA1

4badaf94d0edf78e4a85bbda6bffe6489bde78d1
SHA256

5d27c0fae3a960df271728d0bc82c1184b403da3a5c26a618a0374d990f54827
SHA512

6e456ffb1d27f1f558b2622d72c8bd68563de5aeb5863f9930b87a7483843987c40cfebda388077bf55f7cb27c42dd153b9a3ce42d5e9d3ddfd30776ddd60587
SSDEEP

6144:uJqVG5d1IpMyibgkTZI6jHID90a/BXrH/:u3d6tevoxPBXL

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

svchost.exe

description pid process

Token: SeManageVolumePrivilege 3528 svchost.exe

description	pid	process
Token: SeManageVolumePrivilege	3528	svchost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d27c0fae3a960df271728d0bc82c1184b403da3a5c26a618a0374d990f54827.dll,#1
1⤵
PID:2200

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4480

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3528

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
Filesize
16KB

MD5
02fde53e170d2622b984a507382afc81

SHA1
c58be094717b12b0dce45d2b64e9887053feda01

SHA256
cb5db22775ca069aa7bc86b1a67b66a8f33d41b4076c360f45182c510b757a2e

SHA512
62adb7362d7c577d18adccdf2566b76db764fff23984a9346a5370882f0f36088fb543f304c764bc5ad431784ab27531026eb5604f5a679c6d7e43c8ac8a94bd

Download Submit
memory/3528-40-0x000002048FB10000-0x000002048FB11000-memory.dmp

Filesize
4KB

Download
memory/3528-33-0x000002048FB10000-0x000002048FB11000-memory.dmp

Filesize
4KB

Download
memory/3528-42-0x000002048FB10000-0x000002048FB11000-memory.dmp

Filesize
4KB

Download
memory/3528-34-0x000002048FB10000-0x000002048FB11000-memory.dmp

Filesize
4KB

Download
memory/3528-35-0x000002048FB10000-0x000002048FB11000-memory.dmp

Filesize
4KB

Download
memory/3528-36-0x000002048FB10000-0x000002048FB11000-memory.dmp

Filesize
4KB

Download
memory/3528-37-0x000002048FB10000-0x000002048FB11000-memory.dmp

Filesize
4KB

Download
memory/3528-38-0x000002048FB10000-0x000002048FB11000-memory.dmp

Filesize
4KB

Download
memory/3528-43-0x000002048F730000-0x000002048F731000-memory.dmp

Filesize
4KB

Download
memory/3528-0-0x0000020487440000-0x0000020487450000-memory.dmp

Filesize
64KB

Download
memory/3528-68-0x000002048F980000-0x000002048F981000-memory.dmp

Filesize
4KB

Download
memory/3528-32-0x000002048FAE0000-0x000002048FAE1000-memory.dmp

Filesize
4KB

Download
memory/3528-39-0x000002048FB10000-0x000002048FB11000-memory.dmp

Filesize
4KB

Download
memory/3528-44-0x000002048F720000-0x000002048F721000-memory.dmp

Filesize
4KB

Download
memory/3528-46-0x000002048F730000-0x000002048F731000-memory.dmp

Filesize
4KB

Download
memory/3528-49-0x000002048F720000-0x000002048F721000-memory.dmp

Filesize
4KB

Download
memory/3528-52-0x000002048F660000-0x000002048F661000-memory.dmp

Filesize
4KB

Download
memory/3528-16-0x0000020487540000-0x0000020487550000-memory.dmp

Filesize
64KB

Download
memory/3528-64-0x000002048F860000-0x000002048F861000-memory.dmp

Filesize
4KB

Download
memory/3528-66-0x000002048F870000-0x000002048F871000-memory.dmp

Filesize
4KB

Download
memory/3528-67-0x000002048F870000-0x000002048F871000-memory.dmp

Filesize
4KB

Download
memory/3528-41-0x000002048FB10000-0x000002048FB11000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads