42498562b621f4e23c88dd7031a435aeba911a3fc436d2d9ab3bc502abb21df0

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
02-11-2023 16:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.3bd8752884a82126c7089f8e73b33bc0_JC.dll
Size

3.6MB
MD5

3bd8752884a82126c7089f8e73b33bc0
SHA1

1956f6ed757fbab66216cf266aa70f9a69b7b49b
SHA256

42498562b621f4e23c88dd7031a435aeba911a3fc436d2d9ab3bc502abb21df0
SHA512

02a936e491abed78185587c8e07e34ad701e1bea3fa82b9b2ce565e850e52484d5a2ac21724d574dacc8b23e65d438d6c61d2066b8c53074169a02cba94fe574
SSDEEP

98304:e152l+q6FWcP76CVYUzGhaYoWcaa9v2kZ/II5itSjkD5JJ:w5pRoMWCGsGhxbexdZ/nES05D

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2464	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2096 wrote to memory of 3672	2096	rundll32.exe	86
PID 2096 wrote to memory of 3672	2096	rundll32.exe	86
PID 2096 wrote to memory of 3672	2096	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.3bd8752884a82126c7089f8e73b33bc0_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\NEAS.3bd8752884a82126c7089f8e73b33bc0_JC.dll,#1
  2⤵
  PID:3672

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3740

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2464

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
49be653079b1715fbbf77ba27ca9d4c4

SHA1
94e61d1ab41883f38cb014f7f862ad52392756b7

SHA256
06bb0d518179ab41d66f8985635d2ad3ca5634666e368ab07cef89862bc28e76

SHA512
a265103e0e8a3748d0a36b75622c4268b7f30b979bc4a2d50698b8b9e30ee78ad4a0c272b3690989ca83abd917de66caba28a78b73e928af22c9c7e1dce8cb93

Download Submit
memory/2464-47-0x000002567E830000-0x000002567E831000-memory.dmp

Filesize
4KB

Download
memory/2464-59-0x000002567E460000-0x000002567E461000-memory.dmp

Filesize
4KB

Download
memory/2464-48-0x000002567E830000-0x000002567E831000-memory.dmp

Filesize
4KB

Download
memory/2464-78-0x000002567E6C0000-0x000002567E6C1000-memory.dmp

Filesize
4KB

Download
memory/2464-49-0x000002567E830000-0x000002567E831000-memory.dmp

Filesize
4KB

Download
memory/2464-77-0x000002567E5B0000-0x000002567E5B1000-memory.dmp

Filesize
4KB

Download
memory/2464-10-0x000002567E140000-0x000002567E150000-memory.dmp

Filesize
64KB

Download
memory/2464-26-0x000002567E240000-0x000002567E250000-memory.dmp

Filesize
64KB

Download
memory/2464-42-0x000002567E820000-0x000002567E821000-memory.dmp

Filesize
4KB

Download
memory/2464-43-0x000002567E830000-0x000002567E831000-memory.dmp

Filesize
4KB

Download
memory/2464-44-0x000002567E830000-0x000002567E831000-memory.dmp

Filesize
4KB

Download
memory/2464-50-0x000002567E840000-0x000002567E841000-memory.dmp

Filesize
4KB

Download
memory/2464-46-0x000002567E830000-0x000002567E831000-memory.dmp

Filesize
4KB

Download
memory/2464-76-0x000002567E5B0000-0x000002567E5B1000-memory.dmp

Filesize
4KB

Download
memory/2464-74-0x000002567E5A0000-0x000002567E5A1000-memory.dmp

Filesize
4KB

Download
memory/2464-62-0x000002567E3A0000-0x000002567E3A1000-memory.dmp

Filesize
4KB

Download
memory/2464-45-0x000002567E830000-0x000002567E831000-memory.dmp

Filesize
4KB

Download
memory/2464-51-0x000002567E840000-0x000002567E841000-memory.dmp

Filesize
4KB

Download
memory/2464-52-0x000002567E840000-0x000002567E841000-memory.dmp

Filesize
4KB

Download
memory/2464-53-0x000002567E470000-0x000002567E471000-memory.dmp

Filesize
4KB

Download
memory/2464-54-0x000002567E460000-0x000002567E461000-memory.dmp

Filesize
4KB

Download
memory/2464-56-0x000002567E470000-0x000002567E471000-memory.dmp

Filesize
4KB

Download
memory/3672-4-0x0000000002B30000-0x0000000002C54000-memory.dmp

Filesize
1.1MB

Download
memory/3672-8-0x0000000002C60000-0x0000000002D66000-memory.dmp

Filesize
1.0MB

Download
memory/3672-1-0x0000000010000000-0x00000000103A4000-memory.dmp

Filesize
3.6MB

Download
memory/3672-5-0x0000000002C60000-0x0000000002D66000-memory.dmp

Filesize
1.0MB

Download
memory/3672-0-0x0000000000CF0000-0x0000000000CF6000-memory.dmp

Filesize
24KB

Download
memory/3672-9-0x0000000002C60000-0x0000000002D66000-memory.dmp

Filesize
1.0MB

Download
memory/3672-6-0x0000000002C60000-0x0000000002D66000-memory.dmp

Filesize
1.0MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads