4e697c1a3ddd77e0a8a439b400ed36a8eea84441bd8e05b9d86240e3b0e4bb72

Analysis

max time kernel
1712s
max time network
1148s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2023, 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GameJamProjesi_Data/Managed/System.Data.DataSetExtensions.dll
Size

29KB
MD5

ecd2f1cfec2844401c3c79de8303cd9f
SHA1

1b406f2481b49b9fda5a1b7dde76182b08a6fc7f
SHA256

cbfd352e20b76046633e9f60598abcfe2089fefcecb1ee41529be1c2e9513c68
SHA512

6cf684ebdb68515acbd8e0903933e330efab4a046404626d641c17f53de5e436f3c36e432d53b7d8af9106d3a2577243f509507d886b66f6af760b813c308b13
SSDEEP

384:tEAjm7aELetOdc8l4LodMqokNv2Y2rsFKOlIcMYOxIsnRbli3ESmMadMkrVr5UhH:tcZC8Ll4LiMXkv2Y2Mcdqsj5Q

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	5060	svchost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GameJamProjesi_Data\Managed\System.Data.DataSetExtensions.dll,#1
1⤵
PID:4000

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2356

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
2920f4730150dbda33b014d5c768660e

SHA1
e47a145ebd4c1df53c684ab70ff95aba004f7d7b

SHA256
6cb3deef5fe30e62ab876fd3fe9407154eed7ed4e78270b93bb1dba9738486d9

SHA512
8c8383a4e15c5e0daedab15aa0e20c28b59e7c412d02be3fb6a86934f967a744ab050bacb55be855c5a97a6d2ccf05b5cf13e4a57637ef90bcddd5a65c2067e3

Download Submit
memory/5060-40-0x00000286C72C0000-0x00000286C72C1000-memory.dmp

Filesize
4KB

Download
memory/5060-42-0x00000286C72C0000-0x00000286C72C1000-memory.dmp

Filesize
4KB

Download
memory/5060-33-0x00000286C72C0000-0x00000286C72C1000-memory.dmp

Filesize
4KB

Download
memory/5060-34-0x00000286C72C0000-0x00000286C72C1000-memory.dmp

Filesize
4KB

Download
memory/5060-35-0x00000286C72C0000-0x00000286C72C1000-memory.dmp

Filesize
4KB

Download
memory/5060-36-0x00000286C72C0000-0x00000286C72C1000-memory.dmp

Filesize
4KB

Download
memory/5060-37-0x00000286C72C0000-0x00000286C72C1000-memory.dmp

Filesize
4KB

Download
memory/5060-38-0x00000286C72C0000-0x00000286C72C1000-memory.dmp

Filesize
4KB

Download
memory/5060-39-0x00000286C72C0000-0x00000286C72C1000-memory.dmp

Filesize
4KB

Download
memory/5060-43-0x00000286C6EE0000-0x00000286C6EE1000-memory.dmp

Filesize
4KB

Download
memory/5060-32-0x00000286C7290000-0x00000286C7291000-memory.dmp

Filesize
4KB

Download
memory/5060-41-0x00000286C72C0000-0x00000286C72C1000-memory.dmp

Filesize
4KB

Download
memory/5060-0-0x00000286BEBA0000-0x00000286BEBB0000-memory.dmp

Filesize
64KB

Download
memory/5060-44-0x00000286C6ED0000-0x00000286C6ED1000-memory.dmp

Filesize
4KB

Download
memory/5060-46-0x00000286C6EE0000-0x00000286C6EE1000-memory.dmp

Filesize
4KB

Download
memory/5060-49-0x00000286C6ED0000-0x00000286C6ED1000-memory.dmp

Filesize
4KB

Download
memory/5060-52-0x00000286C6E10000-0x00000286C6E11000-memory.dmp

Filesize
4KB

Download
memory/5060-16-0x00000286BECA0000-0x00000286BECB0000-memory.dmp

Filesize
64KB

Download
memory/5060-64-0x00000286C7010000-0x00000286C7011000-memory.dmp

Filesize
4KB

Download
memory/5060-66-0x00000286C7020000-0x00000286C7021000-memory.dmp

Filesize
4KB

Download
memory/5060-67-0x00000286C7020000-0x00000286C7021000-memory.dmp

Filesize
4KB

Download
memory/5060-68-0x00000286C7130000-0x00000286C7131000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads