ac3ebfc3f50e2fca46124d2657e6e8367df33976a34d451f6d5e5e435eabb142

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 03:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ac3ebfc3f50e2fca46124d2657e6e8367df33976a34d451f6d5e5e435eabb142.exe
Size

3.4MB
MD5

d7e6971f6bc029c7c8a78dd97416f3ad
SHA1

5c3ff8ace6e702d9bd48d1b4aff3cc921a765fd4
SHA256

ac3ebfc3f50e2fca46124d2657e6e8367df33976a34d451f6d5e5e435eabb142
SHA512

0db1c3964171cd4ce0b42601957a97364c5e693e3296395d93804c860fdadf0af310b3f9489949f7fe2e7194611afbf2a72baa778c633969df98fdab38dcf64e
SSDEEP

98304:dmXzwHDntwFoOWqgqIkgsvPAv7/tqgVPGtEFVw:EX4wptLQvzZVGuVw

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	5040	svchost.exe

C:\Users\Admin\AppData\Local\Temp\ac3ebfc3f50e2fca46124d2657e6e8367df33976a34d451f6d5e5e435eabb142.exe
"C:\Users\Admin\AppData\Local\Temp\ac3ebfc3f50e2fca46124d2657e6e8367df33976a34d451f6d5e5e435eabb142.exe"
1⤵
PID:3504

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4116

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5040

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
d7163a97045f4e76c957cb443fe6ea1c

SHA1
7be66305ec65fcdf26494ade6b6bf6fe96559031

SHA256
de9f1c4c47dc1c1840a3252bbd80b814e40ee54c7968f8689af21ada9e341f52

SHA512
26f42ae26f715bcbc3b58b9be5812c70fd829fd3500efc20ecc86e6489d27b25b2476b4faa0d9c3ceabcf148a2086e6a6538573af8c0a7e6a7e772b15c1be1e6

Download Submit
memory/5040-40-0x0000021899160000-0x0000021899161000-memory.dmp

Filesize
4KB

Download
memory/5040-42-0x0000021899160000-0x0000021899161000-memory.dmp

Filesize
4KB

Download
memory/5040-33-0x0000021899160000-0x0000021899161000-memory.dmp

Filesize
4KB

Download
memory/5040-34-0x0000021899160000-0x0000021899161000-memory.dmp

Filesize
4KB

Download
memory/5040-35-0x0000021899160000-0x0000021899161000-memory.dmp

Filesize
4KB

Download
memory/5040-36-0x0000021899160000-0x0000021899161000-memory.dmp

Filesize
4KB

Download
memory/5040-37-0x0000021899160000-0x0000021899161000-memory.dmp

Filesize
4KB

Download
memory/5040-38-0x0000021899160000-0x0000021899161000-memory.dmp

Filesize
4KB

Download
memory/5040-39-0x0000021899160000-0x0000021899161000-memory.dmp

Filesize
4KB

Download
memory/5040-43-0x0000021897D90000-0x0000021897D91000-memory.dmp

Filesize
4KB

Download
memory/5040-32-0x0000021899140000-0x0000021899141000-memory.dmp

Filesize
4KB

Download
memory/5040-41-0x0000021899160000-0x0000021899161000-memory.dmp

Filesize
4KB

Download
memory/5040-0-0x000002188FA50000-0x000002188FA60000-memory.dmp

Filesize
64KB

Download
memory/5040-44-0x0000021897D80000-0x0000021897D81000-memory.dmp

Filesize
4KB

Download
memory/5040-46-0x0000021897D90000-0x0000021897D91000-memory.dmp

Filesize
4KB

Download
memory/5040-49-0x0000021897D80000-0x0000021897D81000-memory.dmp

Filesize
4KB

Download
memory/5040-52-0x0000021897CC0000-0x0000021897CC1000-memory.dmp

Filesize
4KB

Download
memory/5040-16-0x000002188FB50000-0x000002188FB60000-memory.dmp

Filesize
64KB

Download
memory/5040-64-0x0000021897EC0000-0x0000021897EC1000-memory.dmp

Filesize
4KB

Download
memory/5040-66-0x0000021897ED0000-0x0000021897ED1000-memory.dmp

Filesize
4KB

Download
memory/5040-67-0x0000021897ED0000-0x0000021897ED1000-memory.dmp

Filesize
4KB

Download
memory/5040-68-0x0000021897FE0000-0x0000021897FE1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads