53338d643052bb2082f1370c21a21ff41ee1e6f43b3bd937519d7c9a491aeb13

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
03/11/2023, 20:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

NoodMaker.exe
Size

1.8MB
MD5

cb131b05dc3e42fad5caeadccbee378b
SHA1

8965d8da52af8379704b09226252e185ae1b0f6f
SHA256

53338d643052bb2082f1370c21a21ff41ee1e6f43b3bd937519d7c9a491aeb13
SHA512

29ea1a20b01f81b1948c43cb2d62bc7045486d66b65705d5acd5e4b2c5a715b95028a880ed0c4e839d875aef2fd411431b600e21077a5621ef3997d954ddf011
SSDEEP

49152:TL2snho42br76d4+SoXEp6FyhCEu4c8IvBaHOgTOa1t2icVsUrG:TXho4Ur76d2oK6FyhCEu4c8ISpt2icaU

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2556	svchost.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4040	NoodMaker.exe
4040	NoodMaker.exe

C:\Users\Admin\AppData\Local\Temp\NoodMaker.exe
"C:\Users\Admin\AppData\Local\Temp\NoodMaker.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4040

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4320

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2556

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
3f104edae70cbbf5ecaef960f4a16d79

SHA1
34a341f68fac86df7ccd60a6c8397112550fb07d

SHA256
d64d09ca297c99c845571f5767d99d51681cc456f296cce31e76964f446c6bea

SHA512
c4bb3f3fbed2df79a86dfde791446c351fb1550fe376bc975fa3aeb114b08b852800713cc2fce335303b0deef89ec3ce4712aa2d6dc81c6f8e859f5208e33a23

Download Submit
memory/2556-40-0x000001EC56240000-0x000001EC56241000-memory.dmp

Filesize
4KB

Download
memory/2556-42-0x000001EC56240000-0x000001EC56241000-memory.dmp

Filesize
4KB

Download
memory/2556-33-0x000001EC56240000-0x000001EC56241000-memory.dmp

Filesize
4KB

Download
memory/2556-34-0x000001EC56240000-0x000001EC56241000-memory.dmp

Filesize
4KB

Download
memory/2556-35-0x000001EC56240000-0x000001EC56241000-memory.dmp

Filesize
4KB

Download
memory/2556-36-0x000001EC56240000-0x000001EC56241000-memory.dmp

Filesize
4KB

Download
memory/2556-37-0x000001EC56240000-0x000001EC56241000-memory.dmp

Filesize
4KB

Download
memory/2556-38-0x000001EC56240000-0x000001EC56241000-memory.dmp

Filesize
4KB

Download
memory/2556-39-0x000001EC56240000-0x000001EC56241000-memory.dmp

Filesize
4KB

Download
memory/2556-43-0x000001EC55E70000-0x000001EC55E71000-memory.dmp

Filesize
4KB

Download
memory/2556-32-0x000001EC56220000-0x000001EC56221000-memory.dmp

Filesize
4KB

Download
memory/2556-41-0x000001EC56240000-0x000001EC56241000-memory.dmp

Filesize
4KB

Download
memory/2556-0-0x000001EC4DB40000-0x000001EC4DB50000-memory.dmp

Filesize
64KB

Download
memory/2556-44-0x000001EC55E60000-0x000001EC55E61000-memory.dmp

Filesize
4KB

Download
memory/2556-46-0x000001EC55E70000-0x000001EC55E71000-memory.dmp

Filesize
4KB

Download
memory/2556-49-0x000001EC55E60000-0x000001EC55E61000-memory.dmp

Filesize
4KB

Download
memory/2556-52-0x000001EC55DA0000-0x000001EC55DA1000-memory.dmp

Filesize
4KB

Download
memory/2556-16-0x000001EC4DC40000-0x000001EC4DC50000-memory.dmp

Filesize
64KB

Download
memory/2556-64-0x000001EC55FA0000-0x000001EC55FA1000-memory.dmp

Filesize
4KB

Download
memory/2556-66-0x000001EC55FB0000-0x000001EC55FB1000-memory.dmp

Filesize
4KB

Download
memory/2556-67-0x000001EC55FB0000-0x000001EC55FB1000-memory.dmp

Filesize
4KB

Download
memory/2556-68-0x000001EC560C0000-0x000001EC560C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads