dcf340b76187286ffafdce503c240edbba81adc753084723acbd4613a9a77322

Analysis

max time kernel
143s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2023 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.8b6d4f70bc06a41871672ae520b95060_JC.exe
Size

14KB
MD5

8b6d4f70bc06a41871672ae520b95060
SHA1

d34cb88792b683e14bb9042f8605a9b10dc89db8
SHA256

dcf340b76187286ffafdce503c240edbba81adc753084723acbd4613a9a77322
SHA512

7e7db6f535e27c2dbbf70286eac506fc906d38f0fbb9af8f33b16e60fba163de952a226e6f45d0e9ecd5a5317c9699e9eb466189e4f7161526f9a83b2cf2b926
SSDEEP

384:NLo8SM32l/l8K9gFGhSPexJtsxvDE045HgJeJeJeJe:NvT32ltLKGMeHix7A

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3124	svchost.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.8b6d4f70bc06a41871672ae520b95060_JC.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.8b6d4f70bc06a41871672ae520b95060_JC.exe"
1⤵
PID:4248

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4044

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3124

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
0159de5bcd76ba46d4b982d3dc196d4e

SHA1
2433a1ffe1f9bf6452e7b7a49a9d8b8345414711

SHA256
f29ca57a9e05383f6ad88f3edadf490052a7f77f2e00079128ee141ec3744404

SHA512
bd41e10d3a1289110b4f4e97e7e582500c2d032bd7de27eb4884dbbe12a1a9115138c047cf507896fc03b7f810f832ce15a3f1202a9291beb7e4405a0de275d6

Download Submit
memory/3124-42-0x000002111E6B0000-0x000002111E6B1000-memory.dmp

Filesize
4KB

Download
memory/3124-69-0x000002111E530000-0x000002111E531000-memory.dmp

Filesize
4KB

Download
memory/3124-41-0x000002111E6B0000-0x000002111E6B1000-memory.dmp

Filesize
4KB

Download
memory/3124-34-0x000002111E6B0000-0x000002111E6B1000-memory.dmp

Filesize
4KB

Download
memory/3124-35-0x000002111E6B0000-0x000002111E6B1000-memory.dmp

Filesize
4KB

Download
memory/3124-36-0x000002111E6B0000-0x000002111E6B1000-memory.dmp

Filesize
4KB

Download
memory/3124-37-0x000002111E6B0000-0x000002111E6B1000-memory.dmp

Filesize
4KB

Download
memory/3124-38-0x000002111E6B0000-0x000002111E6B1000-memory.dmp

Filesize
4KB

Download
memory/3124-39-0x000002111E6B0000-0x000002111E6B1000-memory.dmp

Filesize
4KB

Download
memory/3124-43-0x000002111E6B0000-0x000002111E6B1000-memory.dmp

Filesize
4KB

Download
memory/3124-33-0x000002111E690000-0x000002111E691000-memory.dmp

Filesize
4KB

Download
memory/3124-17-0x00000211160A0000-0x00000211160B0000-memory.dmp

Filesize
64KB

Download
memory/3124-40-0x000002111E6B0000-0x000002111E6B1000-memory.dmp

Filesize
4KB

Download
memory/3124-44-0x000002111E2E0000-0x000002111E2E1000-memory.dmp

Filesize
4KB

Download
memory/3124-45-0x000002111E2D0000-0x000002111E2D1000-memory.dmp

Filesize
4KB

Download
memory/3124-47-0x000002111E2E0000-0x000002111E2E1000-memory.dmp

Filesize
4KB

Download
memory/3124-50-0x000002111E2D0000-0x000002111E2D1000-memory.dmp

Filesize
4KB

Download
memory/3124-53-0x000002111E210000-0x000002111E211000-memory.dmp

Filesize
4KB

Download
memory/3124-1-0x0000021115FA0000-0x0000021115FB0000-memory.dmp

Filesize
64KB

Download
memory/3124-65-0x000002111E410000-0x000002111E411000-memory.dmp

Filesize
4KB

Download
memory/3124-67-0x000002111E420000-0x000002111E421000-memory.dmp

Filesize
4KB

Download
memory/3124-68-0x000002111E420000-0x000002111E421000-memory.dmp

Filesize
4KB

Download
memory/4248-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads