0f33942281317761f0ee6b0c84f6e66cbe239880cddd1801228aaebacd33c243

Analysis

max time kernel
137s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 21:20

Target

aeaecc4fa8944743ac80653c88c72b30_JC.dll
Size

9KB
MD5

aeaecc4fa8944743ac80653c88c72b30
SHA1

2402ada592b4834450f099542a85447560494cbf
SHA256

0f33942281317761f0ee6b0c84f6e66cbe239880cddd1801228aaebacd33c243
SHA512

acb07448af973f42a61b8d2d4c0c11457f600c8fe404482d45f6cd29692483cc1ff8d6949994b66476417c6a3ba56ebcee3486093b0da06bf5ef4a27618fb40c
SSDEEP

192:+EQ4G7Ci+qyyksJk1Al6KAmjH2wzJ7GH4:+E5G7nfyy7kMJV5o4

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1896	svchost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aeaecc4fa8944743ac80653c88c72b30_JC.dll,#1
1⤵
PID:2500

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2820

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1896

memory/1896-0-0x000002D9D3890000-0x000002D9D38A0000-memory.dmp

Filesize
64KB

Download
memory/1896-16-0x000002D9D3990000-0x000002D9D39A0000-memory.dmp

Filesize
64KB

Download
memory/1896-32-0x000002D9DBD00000-0x000002D9DBD01000-memory.dmp

Filesize
4KB

Download
memory/1896-34-0x000002D9DBD30000-0x000002D9DBD31000-memory.dmp

Filesize
4KB

Download
memory/1896-35-0x000002D9DBD30000-0x000002D9DBD31000-memory.dmp

Filesize
4KB

Download
memory/1896-36-0x000002D9DBE40000-0x000002D9DBE41000-memory.dmp

Filesize
4KB

Download