e2da9b2b37ad5b39de4f4491f8a805d44869b32d4b2563bf944dced4d0faa723

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
01-11-2023 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4360-111-0x0000000004590000-0x00000000048C2000-memory.exe
Size

3.2MB
MD5

9fa4fc6ddc5044936b6f7bdacf63c82c
SHA1

daf16dec078b7f15a35aa94cbf9ca077d2668750
SHA256

e2da9b2b37ad5b39de4f4491f8a805d44869b32d4b2563bf944dced4d0faa723
SHA512

18e5e499820b6aa2289e73caf1e0e7b969ecc284bc70266a13d89f6959362159cccac337c0b9e91ac7b0cbacf4031d297181b7d5c7ed68cfe3cc65691256aff6
SSDEEP

6144:CCV9+GFr03BWVdh93StpWsUWR5cwmXVBfFTYccgcjsX3SYVN:r9P03BWR93IpxUWal/0ccBoSYv

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1756	svchost.exe

C:\Users\Admin\AppData\Local\Temp\4360-111-0x0000000004590000-0x00000000048C2000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\4360-111-0x0000000004590000-0x00000000048C2000-memory.exe"
1⤵
PID:3796

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:912

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1756

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1756-0-0x000002889E340000-0x000002889E350000-memory.dmp

Filesize
64KB

Download
memory/1756-16-0x000002889E440000-0x000002889E450000-memory.dmp

Filesize
64KB

Download
memory/1756-32-0x00000288A6A20000-0x00000288A6A21000-memory.dmp

Filesize
4KB

Download
memory/1756-33-0x00000288A6A40000-0x00000288A6A41000-memory.dmp

Filesize
4KB

Download
memory/1756-34-0x00000288A6A40000-0x00000288A6A41000-memory.dmp

Filesize
4KB

Download
memory/1756-35-0x00000288A6A40000-0x00000288A6A41000-memory.dmp

Filesize
4KB

Download
memory/1756-36-0x00000288A6A40000-0x00000288A6A41000-memory.dmp

Filesize
4KB

Download
memory/1756-37-0x00000288A6A40000-0x00000288A6A41000-memory.dmp

Filesize
4KB

Download
memory/1756-38-0x00000288A6A40000-0x00000288A6A41000-memory.dmp

Filesize
4KB

Download
memory/1756-39-0x00000288A6A40000-0x00000288A6A41000-memory.dmp

Filesize
4KB

Download
memory/1756-40-0x00000288A6A40000-0x00000288A6A41000-memory.dmp

Filesize
4KB

Download
memory/1756-41-0x00000288A6A40000-0x00000288A6A41000-memory.dmp

Filesize
4KB

Download
memory/1756-42-0x00000288A6A40000-0x00000288A6A41000-memory.dmp

Filesize
4KB

Download
memory/1756-43-0x00000288A6670000-0x00000288A6671000-memory.dmp

Filesize
4KB

Download
memory/1756-44-0x00000288A6660000-0x00000288A6661000-memory.dmp

Filesize
4KB

Download
memory/1756-46-0x00000288A6670000-0x00000288A6671000-memory.dmp

Filesize
4KB

Download
memory/1756-49-0x00000288A6660000-0x00000288A6661000-memory.dmp

Filesize
4KB

Download
memory/1756-52-0x00000288A65A0000-0x00000288A65A1000-memory.dmp

Filesize
4KB

Download
memory/1756-64-0x00000288A67A0000-0x00000288A67A1000-memory.dmp

Filesize
4KB

Download
memory/1756-66-0x00000288A67B0000-0x00000288A67B1000-memory.dmp

Filesize
4KB

Download
memory/1756-67-0x00000288A67B0000-0x00000288A67B1000-memory.dmp

Filesize
4KB

Download
memory/1756-68-0x00000288A68C0000-0x00000288A68C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads