264431deedc4ae2c73d7bd5cdf2ba016691d5e3bccf53487b3cce1955adb3929

Analysis

max time kernel
144s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2023, 18:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b75a2ec3b44d2d2091a142a603a400355ff14d06c95bbdcb0c452cda3461f929.js
Size

127KB
MD5

1f41f40975a1631c82a09190ae1e27c9
SHA1

b838e401ce716141f8cd03bc9f4a4ae8557cf9f1
SHA256

b75a2ec3b44d2d2091a142a603a400355ff14d06c95bbdcb0c452cda3461f929
SHA512

c9db868293fb369ad6f67b1f058f220cad4505ec58d9c35ec1453b252a37f08c11ac53bae6616090096c0230c707d20e05b5bbca7702cd3bb51d5c31bf0ddeb1
SSDEEP

3072:/jL+dKMubHspZQ513Rqyy7XZmgMmY04yU:/HkKtbcZyy7XQge

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1680	svchost.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\b75a2ec3b44d2d2091a142a603a400355ff14d06c95bbdcb0c452cda3461f929.js
1⤵
PID:2228

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1140

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
3a7412a371c436cc35243370919b100d

SHA1
af6b376c62ea7165714c97b337ccc9bdb721b273

SHA256
ba7f001ce88a9dbee791d1ba3fdc9da48ad02b620c840f6d665bc17823801290

SHA512
5bebe605a1effba14bcc1cb0c2deb9bcf3aa52f66b47c31efcc3e31d85ec46bd7810122834b8a44e1f5a4aa0df3a7942543f744579fdea9fad2a6cffce6519b0

Download Submit
memory/1680-40-0x00000172BC820000-0x00000172BC821000-memory.dmp

Filesize
4KB

Download
memory/1680-42-0x00000172BC820000-0x00000172BC821000-memory.dmp

Filesize
4KB

Download
memory/1680-33-0x00000172BC820000-0x00000172BC821000-memory.dmp

Filesize
4KB

Download
memory/1680-34-0x00000172BC820000-0x00000172BC821000-memory.dmp

Filesize
4KB

Download
memory/1680-35-0x00000172BC820000-0x00000172BC821000-memory.dmp

Filesize
4KB

Download
memory/1680-36-0x00000172BC820000-0x00000172BC821000-memory.dmp

Filesize
4KB

Download
memory/1680-37-0x00000172BC820000-0x00000172BC821000-memory.dmp

Filesize
4KB

Download
memory/1680-38-0x00000172BC820000-0x00000172BC821000-memory.dmp

Filesize
4KB

Download
memory/1680-39-0x00000172BC820000-0x00000172BC821000-memory.dmp

Filesize
4KB

Download
memory/1680-43-0x00000172BC450000-0x00000172BC451000-memory.dmp

Filesize
4KB

Download
memory/1680-32-0x00000172BC800000-0x00000172BC801000-memory.dmp

Filesize
4KB

Download
memory/1680-41-0x00000172BC820000-0x00000172BC821000-memory.dmp

Filesize
4KB

Download
memory/1680-0-0x00000172B4140000-0x00000172B4150000-memory.dmp

Filesize
64KB

Download
memory/1680-44-0x00000172BC440000-0x00000172BC441000-memory.dmp

Filesize
4KB

Download
memory/1680-46-0x00000172BC450000-0x00000172BC451000-memory.dmp

Filesize
4KB

Download
memory/1680-49-0x00000172BC440000-0x00000172BC441000-memory.dmp

Filesize
4KB

Download
memory/1680-52-0x00000172BC380000-0x00000172BC381000-memory.dmp

Filesize
4KB

Download
memory/1680-16-0x00000172B4240000-0x00000172B4250000-memory.dmp

Filesize
64KB

Download
memory/1680-64-0x00000172BC580000-0x00000172BC581000-memory.dmp

Filesize
4KB

Download
memory/1680-66-0x00000172BC590000-0x00000172BC591000-memory.dmp

Filesize
4KB

Download
memory/1680-67-0x00000172BC590000-0x00000172BC591000-memory.dmp

Filesize
4KB

Download
memory/1680-68-0x00000172BC6A0000-0x00000172BC6A1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads