b9b243b38c185429a92e0d900ade4cbd61ae8c2c78caa4071c8550dc275654d4

Analysis

max time kernel
141s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2023 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b9b243b38c185429a92e0d900ade4cbd61ae8c2c78caa4071c8550dc275654d4.exe
Size

452KB
MD5

5b3a26b6905b113660cf05a2ffdaebc4
SHA1

ea1b0175765ca08ff199865421c454a6993314ef
SHA256

b9b243b38c185429a92e0d900ade4cbd61ae8c2c78caa4071c8550dc275654d4
SHA512

64c4583a336f9550c60fb2d6b161f46a306e1127fe1cfb15c122a11d506d582d6e570394c8f3156f20790333072556b19030d9b404603da8e54eed9ba9084fbb
SSDEEP

6144:trRUhNbzwXbkZ+/taqaqpblD3wTW7Xe4Ohp6u9urP7omhoYkW0CbZ:trRUhNY6+/Kqpbh3wTWr8hUkQsW0+

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4432	svchost.exe

C:\Users\Admin\AppData\Local\Temp\b9b243b38c185429a92e0d900ade4cbd61ae8c2c78caa4071c8550dc275654d4.exe
"C:\Users\Admin\AppData\Local\Temp\b9b243b38c185429a92e0d900ade4cbd61ae8c2c78caa4071c8550dc275654d4.exe"
1⤵
PID:448

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4068

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
cf21aae04ae3cba1a02c11a84b477f2d

SHA1
2cd96a498a8ffa88bbd3fcc5f7d98bb93e1830f1

SHA256
7f9759d35b51322d25d4f4369a377b487187079d71fbde5e9a0c8a69c3233bc9

SHA512
ad8c6d26723a159ca85b7963a8540f8f789a1a7316f5ff183aa647f4d70736c3b0cdd0649d7a5eeb8a85b8f710629df1a9c8ce9d92dd055ef154bfbd66753788

Download Submit
memory/4432-40-0x00000243C7150000-0x00000243C7151000-memory.dmp

Filesize
4KB

Download
memory/4432-33-0x00000243C7140000-0x00000243C7141000-memory.dmp

Filesize
4KB

Download
memory/4432-42-0x00000243C7150000-0x00000243C7151000-memory.dmp

Filesize
4KB

Download
memory/4432-34-0x00000243C7140000-0x00000243C7141000-memory.dmp

Filesize
4KB

Download
memory/4432-35-0x00000243C7140000-0x00000243C7141000-memory.dmp

Filesize
4KB

Download
memory/4432-36-0x00000243C7140000-0x00000243C7141000-memory.dmp

Filesize
4KB

Download
memory/4432-37-0x00000243C7140000-0x00000243C7141000-memory.dmp

Filesize
4KB

Download
memory/4432-38-0x00000243C7140000-0x00000243C7141000-memory.dmp

Filesize
4KB

Download
memory/4432-43-0x00000243C5D80000-0x00000243C5D81000-memory.dmp

Filesize
4KB

Download
memory/4432-0-0x00000243BDA40000-0x00000243BDA50000-memory.dmp

Filesize
64KB

Download
memory/4432-67-0x00000243C5EC0000-0x00000243C5EC1000-memory.dmp

Filesize
4KB

Download
memory/4432-32-0x00000243C7130000-0x00000243C7131000-memory.dmp

Filesize
4KB

Download
memory/4432-39-0x00000243C7140000-0x00000243C7141000-memory.dmp

Filesize
4KB

Download
memory/4432-44-0x00000243C5D70000-0x00000243C5D71000-memory.dmp

Filesize
4KB

Download
memory/4432-46-0x00000243C5D80000-0x00000243C5D81000-memory.dmp

Filesize
4KB

Download
memory/4432-49-0x00000243C5D70000-0x00000243C5D71000-memory.dmp

Filesize
4KB

Download
memory/4432-52-0x00000243C5CB0000-0x00000243C5CB1000-memory.dmp

Filesize
4KB

Download
memory/4432-16-0x00000243BDB40000-0x00000243BDB50000-memory.dmp

Filesize
64KB

Download
memory/4432-64-0x00000243C5EB0000-0x00000243C5EB1000-memory.dmp

Filesize
4KB

Download
memory/4432-66-0x00000243C5EC0000-0x00000243C5EC1000-memory.dmp

Filesize
4KB

Download
memory/4432-68-0x00000243C5FD0000-0x00000243C5FD1000-memory.dmp

Filesize
4KB

Download
memory/4432-41-0x00000243C7150000-0x00000243C7151000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads