8df837e0eaf225d626d7c1987a3d437b4e047665c525338c8e1ea460926b7bba

Analysis

max time kernel
139s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
05-11-2023 04:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8df837e0eaf225d626d7c1987a3d437b4e047665c525338c8e1ea460926b7bba.exe
Size

6KB
MD5

4437a31195b9b1c7efbb0adec8227bb7
SHA1

845163033f70e994b87518638d132190d4b200ea
SHA256

8df837e0eaf225d626d7c1987a3d437b4e047665c525338c8e1ea460926b7bba
SHA512

e648abd7aa1b352bc43ede998a68a04cbe8eb9a6ff2453c8cf83d43ea414593dc0df776412df04bf7d57f9779f624c14002b1a72f1d6b8e84110c973dc8d89f0
SSDEEP

48:SPbt0S4FVgCp471Ib4Fc/38+N7DYocHa23WlTpebVetFygFI5a2oxdVoZiG/9u5O:e0mIGnFc/38+N4ZHJWSY9FI5WqKx

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1588	svchost.exe

C:\Users\Admin\AppData\Local\Temp\8df837e0eaf225d626d7c1987a3d437b4e047665c525338c8e1ea460926b7bba.exe
"C:\Users\Admin\AppData\Local\Temp\8df837e0eaf225d626d7c1987a3d437b4e047665c525338c8e1ea460926b7bba.exe"
1⤵
PID:1744

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2348

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1588

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
638302d1948f977c7f0c209af791a3dd

SHA1
d6932f75cf5d8582a383743c66fa6268ce5b2837

SHA256
2895386745b2106727e57fdd5e054d1644af3ade7ece5158259d2e14262b24c1

SHA512
bc77d2087aa45eb23a90f065420a53fbbc9e1c272411bb70db2da5457c23efeb6ed61bafb05766d7805117a4c79ca492dd05e163a467ec5afcc1750f1e6d2d7c

Download Submit
memory/1588-40-0x00000247C6A40000-0x00000247C6A41000-memory.dmp

Filesize
4KB

Download
memory/1588-33-0x00000247C6A40000-0x00000247C6A41000-memory.dmp

Filesize
4KB

Download
memory/1588-42-0x00000247C6A40000-0x00000247C6A41000-memory.dmp

Filesize
4KB

Download
memory/1588-34-0x00000247C6A40000-0x00000247C6A41000-memory.dmp

Filesize
4KB

Download
memory/1588-35-0x00000247C6A40000-0x00000247C6A41000-memory.dmp

Filesize
4KB

Download
memory/1588-36-0x00000247C6A40000-0x00000247C6A41000-memory.dmp

Filesize
4KB

Download
memory/1588-37-0x00000247C6A40000-0x00000247C6A41000-memory.dmp

Filesize
4KB

Download
memory/1588-38-0x00000247C6A40000-0x00000247C6A41000-memory.dmp

Filesize
4KB

Download
memory/1588-43-0x00000247C6660000-0x00000247C6661000-memory.dmp

Filesize
4KB

Download
memory/1588-0-0x00000247BE340000-0x00000247BE350000-memory.dmp

Filesize
64KB

Download
memory/1588-68-0x00000247C68B0000-0x00000247C68B1000-memory.dmp

Filesize
4KB

Download
memory/1588-32-0x00000247C6A10000-0x00000247C6A11000-memory.dmp

Filesize
4KB

Download
memory/1588-39-0x00000247C6A40000-0x00000247C6A41000-memory.dmp

Filesize
4KB

Download
memory/1588-44-0x00000247C6650000-0x00000247C6651000-memory.dmp

Filesize
4KB

Download
memory/1588-46-0x00000247C6660000-0x00000247C6661000-memory.dmp

Filesize
4KB

Download
memory/1588-49-0x00000247C6650000-0x00000247C6651000-memory.dmp

Filesize
4KB

Download
memory/1588-52-0x00000247C6590000-0x00000247C6591000-memory.dmp

Filesize
4KB

Download
memory/1588-16-0x00000247BE440000-0x00000247BE450000-memory.dmp

Filesize
64KB

Download
memory/1588-64-0x00000247C6790000-0x00000247C6791000-memory.dmp

Filesize
4KB

Download
memory/1588-66-0x00000247C67A0000-0x00000247C67A1000-memory.dmp

Filesize
4KB

Download
memory/1588-67-0x00000247C67A0000-0x00000247C67A1000-memory.dmp

Filesize
4KB

Download
memory/1588-41-0x00000247C6A40000-0x00000247C6A41000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads