a25d2b89d3912a99fe85de7627eefdc5cc66732e70b8a3dee3712a8899a8b52c

Analysis

max time kernel
142s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
14/11/2023, 11:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a25d2b89d3912a99fe85de7627eefdc5cc66732e70b8a3dee3712a8899a8b52c.dll
Size

1.1MB
MD5

47b20f65efb3689c4b19950795e19acb
SHA1

3be7aa101960f527417d8193d72cff10d3e8c227
SHA256

a25d2b89d3912a99fe85de7627eefdc5cc66732e70b8a3dee3712a8899a8b52c
SHA512

b2629976b0aaf21cc828b569bb7e0726ca94da4becad29e3f2e9ac8f87ddb26acdc56b17a4089a418cc313eada20bb779759e01c3e8fb4ea96d2dae92de69bac
SSDEEP

24576:hGQMqW4xded0rH8KJQQ/oOuyW0tAuMF6lQAif/r:hGQ9Wh0iMUF60

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1468	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5100 wrote to memory of 4360	5100	rundll32.exe	86
PID 5100 wrote to memory of 4360	5100	rundll32.exe	86
PID 5100 wrote to memory of 4360	5100	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a25d2b89d3912a99fe85de7627eefdc5cc66732e70b8a3dee3712a8899a8b52c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5100
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a25d2b89d3912a99fe85de7627eefdc5cc66732e70b8a3dee3712a8899a8b52c.dll,#1
  2⤵
  PID:4360

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:1056

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
3dbde27cdb695551593219e276492fa2

SHA1
aaafda04fb0fb393cae231cc90622ef3b9859b44

SHA256
6980191a567f2c702b4115921937504b3815669c577b715f49ca07be23f4d844

SHA512
f59f59259da834fdfda3eb29a59025b3ab2ac3e599e717e741d5d87223f660c2ca2394e55f2a45f809a6700aab0eb74b8cf46b5cd93d8dcb670b7145d82a2734

Download Submit
memory/1468-44-0x000001A1DC350000-0x000001A1DC351000-memory.dmp

Filesize
4KB

Download
memory/1468-50-0x000001A1DBF70000-0x000001A1DBF71000-memory.dmp

Filesize
4KB

Download
memory/1468-75-0x000001A1DC1C0000-0x000001A1DC1C1000-memory.dmp

Filesize
4KB

Download
memory/1468-74-0x000001A1DC0B0000-0x000001A1DC0B1000-memory.dmp

Filesize
4KB

Download
memory/1468-73-0x000001A1DC0B0000-0x000001A1DC0B1000-memory.dmp

Filesize
4KB

Download
memory/1468-71-0x000001A1DC0A0000-0x000001A1DC0A1000-memory.dmp

Filesize
4KB

Download
memory/1468-7-0x000001A1D3C40000-0x000001A1D3C50000-memory.dmp

Filesize
64KB

Download
memory/1468-23-0x000001A1D3D40000-0x000001A1D3D50000-memory.dmp

Filesize
64KB

Download
memory/1468-39-0x000001A1DC320000-0x000001A1DC321000-memory.dmp

Filesize
4KB

Download
memory/1468-40-0x000001A1DC350000-0x000001A1DC351000-memory.dmp

Filesize
4KB

Download
memory/1468-41-0x000001A1DC350000-0x000001A1DC351000-memory.dmp

Filesize
4KB

Download
memory/1468-42-0x000001A1DC350000-0x000001A1DC351000-memory.dmp

Filesize
4KB

Download
memory/1468-43-0x000001A1DC350000-0x000001A1DC351000-memory.dmp

Filesize
4KB

Download
memory/1468-59-0x000001A1DBEA0000-0x000001A1DBEA1000-memory.dmp

Filesize
4KB

Download
memory/1468-56-0x000001A1DBF60000-0x000001A1DBF61000-memory.dmp

Filesize
4KB

Download
memory/1468-47-0x000001A1DC350000-0x000001A1DC351000-memory.dmp

Filesize
4KB

Download
memory/1468-45-0x000001A1DC350000-0x000001A1DC351000-memory.dmp

Filesize
4KB

Download
memory/1468-48-0x000001A1DC350000-0x000001A1DC351000-memory.dmp

Filesize
4KB

Download
memory/1468-49-0x000001A1DC350000-0x000001A1DC351000-memory.dmp

Filesize
4KB

Download
memory/1468-46-0x000001A1DC350000-0x000001A1DC351000-memory.dmp

Filesize
4KB

Download
memory/1468-51-0x000001A1DBF60000-0x000001A1DBF61000-memory.dmp

Filesize
4KB

Download
memory/1468-53-0x000001A1DBF70000-0x000001A1DBF71000-memory.dmp

Filesize
4KB

Download
memory/4360-2-0x0000000010000000-0x0000000010242000-memory.dmp

Filesize
2.3MB

Download
memory/4360-0-0x0000000010000000-0x0000000010242000-memory.dmp

Filesize
2.3MB

Download
memory/4360-1-0x0000000010000000-0x0000000010242000-memory.dmp

Filesize
2.3MB

Download
memory/4360-6-0x0000000010000000-0x0000000010242000-memory.dmp

Filesize
2.3MB

Download
memory/4360-5-0x0000000010000000-0x0000000010242000-memory.dmp

Filesize
2.3MB

Download
memory/4360-4-0x0000000010000000-0x0000000010242000-memory.dmp

Filesize
2.3MB

Download
memory/4360-3-0x0000000010000000-0x0000000010242000-memory.dmp

Filesize
2.3MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads