db38e8e03fd99b1479bedd284124494c463c74a29af1950af59c50f27645a0b4

Analysis

max time kernel
143s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
14/10/2023, 03:28

Target

shareit_gobang/js/app.a6f290e6.js
Size

27KB
MD5

a061e5443df54491b139f706eee4f90c
SHA1

b072ea1fc1f93fedf81d49485df386666cbb5374
SHA256

c3ddd57566b66392233ea72a5f58b7ca338fd79f798c331bde64785a153926f0
SHA512

f431a94aad2ddae7db1f0d4a2f1fd81153787db5ef0c7fa5a9d9736246e3f22dee16cd4896f3974aadcab0928bd205fdfcc032aa2882a569bf4a8bbf5132b485
SSDEEP

768:SxIdnXf1QFC1uYHyKrXyszyUa5QOmdTkvJjZ:SCPz1fHyKrCkYmdT6J9

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4912	svchost.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\shareit_gobang\js\app.a6f290e6.js
1⤵
PID:1836

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2716

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4912

memory/4912-0-0x00000258C2240000-0x00000258C2250000-memory.dmp

Filesize
64KB

Download
memory/4912-16-0x00000258C2340000-0x00000258C2350000-memory.dmp

Filesize
64KB

Download
memory/4912-32-0x00000258CA670000-0x00000258CA671000-memory.dmp

Filesize
4KB

Download
memory/4912-34-0x00000258CA6A0000-0x00000258CA6A1000-memory.dmp

Filesize
4KB

Download
memory/4912-35-0x00000258CA6A0000-0x00000258CA6A1000-memory.dmp

Filesize
4KB

Download
memory/4912-36-0x00000258CA7B0000-0x00000258CA7B1000-memory.dmp

Filesize
4KB

Download