d42a0ee076185153555a079950e7766e497f27818557ee99ffdf1a6fbc3121db

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2023, 09:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NEAS.b92029c2f3218a7075fcb8bbec8cc600.exe
Size

39KB
MD5

b92029c2f3218a7075fcb8bbec8cc600
SHA1

b00f80618166ae8f4cc7771248eebae21bdae516
SHA256

d42a0ee076185153555a079950e7766e497f27818557ee99ffdf1a6fbc3121db
SHA512

b315a03b333b8b0f5762689b22d3d8f7760dd3ec12a5f285f8a5228532a04d6a954b65d4b54fdc5ac6e40284dcdb294a381592950139dde5a8ee14b861f568e4
SSDEEP

768:DDiEQ9DOsz82VPP3lLuzZPKqDijCBrBEEp4m:QDN82VPP3lLuBZDL/p4m

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2620	svchost.exe

C:\Users\Admin\AppData\Local\Temp\NEAS.b92029c2f3218a7075fcb8bbec8cc600.exe
"C:\Users\Admin\AppData\Local\Temp\NEAS.b92029c2f3218a7075fcb8bbec8cc600.exe"
1⤵
PID:4128

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4380

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2620

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
2ef7f9be031f86854a0e5465c175ebeb

SHA1
faff04f07134958450ab4f576c89cb9b9b5b5f1b

SHA256
6c799e0f6fc2e99c9af0ad1eb3299008910ae35a14d0cf8b1840bdd5d52087f4

SHA512
0710a1162c7843c2e6e822401ef3b0dca47e4d03ab0bca35f163b153ed2f22939f51477d05ea2b3d4586c90841f49ec06204f032bcdd6dedaa3dfbf72170ca7c

Download Submit
memory/2620-42-0x00000171EE360000-0x00000171EE361000-memory.dmp

Filesize
4KB

Download
memory/2620-39-0x00000171EE360000-0x00000171EE361000-memory.dmp

Filesize
4KB

Download
memory/2620-33-0x00000171EE340000-0x00000171EE341000-memory.dmp

Filesize
4KB

Download
memory/2620-34-0x00000171EE360000-0x00000171EE361000-memory.dmp

Filesize
4KB

Download
memory/2620-35-0x00000171EE360000-0x00000171EE361000-memory.dmp

Filesize
4KB

Download
memory/2620-36-0x00000171EE360000-0x00000171EE361000-memory.dmp

Filesize
4KB

Download
memory/2620-37-0x00000171EE360000-0x00000171EE361000-memory.dmp

Filesize
4KB

Download
memory/2620-43-0x00000171EE360000-0x00000171EE361000-memory.dmp

Filesize
4KB

Download
memory/2620-69-0x00000171EE1E0000-0x00000171EE1E1000-memory.dmp

Filesize
4KB

Download
memory/2620-40-0x00000171EE360000-0x00000171EE361000-memory.dmp

Filesize
4KB

Download
memory/2620-17-0x00000171E5D50000-0x00000171E5D60000-memory.dmp

Filesize
64KB

Download
memory/2620-41-0x00000171EE360000-0x00000171EE361000-memory.dmp

Filesize
4KB

Download
memory/2620-38-0x00000171EE360000-0x00000171EE361000-memory.dmp

Filesize
4KB

Download
memory/2620-44-0x00000171EDF90000-0x00000171EDF91000-memory.dmp

Filesize
4KB

Download
memory/2620-45-0x00000171EDF80000-0x00000171EDF81000-memory.dmp

Filesize
4KB

Download
memory/2620-47-0x00000171EDF90000-0x00000171EDF91000-memory.dmp

Filesize
4KB

Download
memory/2620-50-0x00000171EDF80000-0x00000171EDF81000-memory.dmp

Filesize
4KB

Download
memory/2620-53-0x00000171EDEC0000-0x00000171EDEC1000-memory.dmp

Filesize
4KB

Download
memory/2620-1-0x00000171E5C50000-0x00000171E5C60000-memory.dmp

Filesize
64KB

Download
memory/2620-65-0x00000171EE0C0000-0x00000171EE0C1000-memory.dmp

Filesize
4KB

Download
memory/2620-67-0x00000171EE0D0000-0x00000171EE0D1000-memory.dmp

Filesize
4KB

Download
memory/2620-68-0x00000171EE0D0000-0x00000171EE0D1000-memory.dmp

Filesize
4KB

Download
memory/4128-0-0x0000000000400000-0x0000000000411000-memory.dmp

Filesize
68KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads