92bd760ecd8223c94862932a852fba8f1c386f5eb1eeaf6e88da948baa10c024

Analysis

max time kernel
159s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
10-11-2023 06:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SAT09867890000000.exe
Size

365KB
MD5

6e5fe2e8102810fa8c41e1708f5bad37
SHA1

866abdd7b659a470079b2cebb8c1e375a14dfe81
SHA256

92bd760ecd8223c94862932a852fba8f1c386f5eb1eeaf6e88da948baa10c024
SHA512

4e48fc62c0cf63b65ec427f1e759e1d0e07762a9fc7bb2601e9efadbe1de3e185de62a00fb30ac9445cf5d638f02d7ed99d3b74a68f59cbc8db5bd0d17db2494
SSDEEP

6144:CAY8QgjLjLzmfTi0rueeKeUnj+ZhcqCgT+0aRrqYsGdh1BiOFnAx:RXi7fr5e9DkqCgy0uOxc3BiOFI

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

svchost.exe

description pid process

Token: SeManageVolumePrivilege 4448 svchost.exe

description	pid	process
Token: SeManageVolumePrivilege	4448	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

SAT09867890000000.exe

description	pid	process	target process
PID 2088 wrote to memory of 432	2088	SAT09867890000000.exe	SAT09867890000000.exe
PID 2088 wrote to memory of 432	2088	SAT09867890000000.exe	SAT09867890000000.exe
PID 2088 wrote to memory of 432	2088	SAT09867890000000.exe	SAT09867890000000.exe

C:\Users\Admin\AppData\Local\Temp\SAT09867890000000.exe
"C:\Users\Admin\AppData\Local\Temp\SAT09867890000000.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2088

C:\Users\Admin\AppData\Local\Temp\SAT09867890000000.exe
C:\Users\Admin\AppData\Local\Temp\SAT09867890000000.exe
2⤵
PID:432

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4056

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
fc720a99af0df50ee58d57b58b640ebf

SHA1
fa764f64784fc2ba530ebac1ab764774b2d63afd

SHA256
9136348b7470b3599bd9484784c219d060b373aab045736a96ca3d7131e25ee1

SHA512
7e067a6b13a01a6ec7ddf860ffcc1cfd4328fee585b74620718b4021e8fec4ff1ff39b0b2674a52dd55ba095d57c0711d5eb7f6073e8e278e5223a02a8454c24

Download Submit
memory/2088-0-0x00000000752B0000-0x0000000075A60000-memory.dmp

Filesize
7.7MB

Download
memory/2088-1-0x0000000000520000-0x0000000000582000-memory.dmp

Filesize
392KB

Download
memory/2088-2-0x00000000055F0000-0x0000000005B94000-memory.dmp

Filesize
5.6MB

Download
memory/2088-3-0x0000000004F20000-0x0000000004FB2000-memory.dmp

Filesize
584KB

Download
memory/2088-4-0x0000000005040000-0x0000000005094000-memory.dmp

Filesize
336KB

Download
memory/2088-5-0x0000000004ED0000-0x0000000004EE0000-memory.dmp

Filesize
64KB

Download
memory/2088-6-0x0000000005130000-0x00000000051CC000-memory.dmp

Filesize
624KB

Download
memory/2088-7-0x0000000004F00000-0x0000000004F0A000-memory.dmp

Filesize
40KB

Download
memory/2088-9-0x00000000752B0000-0x0000000075A60000-memory.dmp

Filesize
7.7MB

Download
memory/4448-47-0x0000024D49140000-0x0000024D49141000-memory.dmp

Filesize
4KB

Download
memory/4448-52-0x0000024D49140000-0x0000024D49141000-memory.dmp

Filesize
4KB

Download
memory/4448-43-0x0000024D49140000-0x0000024D49141000-memory.dmp

Filesize
4KB

Download
memory/4448-44-0x0000024D49140000-0x0000024D49141000-memory.dmp

Filesize
4KB

Download
memory/4448-45-0x0000024D49140000-0x0000024D49141000-memory.dmp

Filesize
4KB

Download
memory/4448-46-0x0000024D49140000-0x0000024D49141000-memory.dmp

Filesize
4KB

Download
memory/4448-26-0x0000024D3FB40000-0x0000024D3FB50000-memory.dmp

Filesize
64KB

Download
memory/4448-48-0x0000024D49140000-0x0000024D49141000-memory.dmp

Filesize
4KB

Download
memory/4448-49-0x0000024D49140000-0x0000024D49141000-memory.dmp

Filesize
4KB

Download
memory/4448-50-0x0000024D49140000-0x0000024D49141000-memory.dmp

Filesize
4KB

Download
memory/4448-51-0x0000024D49140000-0x0000024D49141000-memory.dmp

Filesize
4KB

Download
memory/4448-42-0x0000024D49110000-0x0000024D49111000-memory.dmp

Filesize
4KB

Download
memory/4448-53-0x0000024D47D60000-0x0000024D47D61000-memory.dmp

Filesize
4KB

Download
memory/4448-54-0x0000024D47D50000-0x0000024D47D51000-memory.dmp

Filesize
4KB

Download
memory/4448-56-0x0000024D47D60000-0x0000024D47D61000-memory.dmp

Filesize
4KB

Download
memory/4448-59-0x0000024D47D50000-0x0000024D47D51000-memory.dmp

Filesize
4KB

Download
memory/4448-62-0x0000024D47C90000-0x0000024D47C91000-memory.dmp

Filesize
4KB

Download
memory/4448-10-0x0000024D3FA40000-0x0000024D3FA50000-memory.dmp

Filesize
64KB

Download
memory/4448-74-0x0000024D47E90000-0x0000024D47E91000-memory.dmp

Filesize
4KB

Download
memory/4448-76-0x0000024D47EA0000-0x0000024D47EA1000-memory.dmp

Filesize
4KB

Download
memory/4448-77-0x0000024D47EA0000-0x0000024D47EA1000-memory.dmp

Filesize
4KB

Download
memory/4448-78-0x0000024D47FB0000-0x0000024D47FB1000-memory.dmp

Filesize
4KB

Download