4e697c1a3ddd77e0a8a439b400ed36a8eea84441bd8e05b9d86240e3b0e4bb72

Analysis

max time kernel
1705s
max time network
1162s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
20/11/2023, 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GameJamProjesi_Data/Managed/Boxophobic.Utils.Scripts.dll
Size

9KB
MD5

e74bd0de92290bbab8715e260c2bff86
SHA1

0721ff59d1e43936e06cff7d49054c133a0361da
SHA256

84550c8ebcca6f4271ca0b7a9b47dd54fe70804566a6d66a33351b18ee4e8e7e
SHA512

6ec609beab62c486b3c76e1737cd56af1711e5ebdd0f6e4749b04dc9cf2822084aa0cf357b51513bfbe47d01fa8cb9f6e928c935352d7ce211f01fe9f5bf1cd5
SSDEEP

192:fQt8fifhJ7rVGjSwRbvz4kv3QuyYLXfh4zEpsE8GuVKS4sQ9:+7JPwzLyGXfhJmE8GuVKS4sQ9

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3132	svchost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GameJamProjesi_Data\Managed\Boxophobic.Utils.Scripts.dll,#1
1⤵
PID:1164

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:396

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3132

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
e31e73752559cc9bd2a7485c3fc44191

SHA1
12f5a6b921e013eee3095b2944f2c72b91052187

SHA256
e2d0aad9c881ac59215c540ff52df8864c24da631747a1e195b3e8463cc05cba

SHA512
ac0fa45e1cf2279609e40bba66f777e3ac26a1cd5b023331ce54fee4023922c56e68d769bc34e357156eb7c546fde27412e0fd2e7ca33e6229d2b089bdc54ac3

Download Submit
memory/3132-40-0x00000226D1A10000-0x00000226D1A11000-memory.dmp

Filesize
4KB

Download
memory/3132-42-0x00000226D1A10000-0x00000226D1A11000-memory.dmp

Filesize
4KB

Download
memory/3132-33-0x00000226D1A10000-0x00000226D1A11000-memory.dmp

Filesize
4KB

Download
memory/3132-34-0x00000226D1A10000-0x00000226D1A11000-memory.dmp

Filesize
4KB

Download
memory/3132-35-0x00000226D1A10000-0x00000226D1A11000-memory.dmp

Filesize
4KB

Download
memory/3132-36-0x00000226D1A10000-0x00000226D1A11000-memory.dmp

Filesize
4KB

Download
memory/3132-37-0x00000226D1A10000-0x00000226D1A11000-memory.dmp

Filesize
4KB

Download
memory/3132-38-0x00000226D1A10000-0x00000226D1A11000-memory.dmp

Filesize
4KB

Download
memory/3132-39-0x00000226D1A10000-0x00000226D1A11000-memory.dmp

Filesize
4KB

Download
memory/3132-43-0x00000226D1630000-0x00000226D1631000-memory.dmp

Filesize
4KB

Download
memory/3132-32-0x00000226D19E0000-0x00000226D19E1000-memory.dmp

Filesize
4KB

Download
memory/3132-41-0x00000226D1A10000-0x00000226D1A11000-memory.dmp

Filesize
4KB

Download
memory/3132-0-0x00000226C9340000-0x00000226C9350000-memory.dmp

Filesize
64KB

Download
memory/3132-44-0x00000226D1620000-0x00000226D1621000-memory.dmp

Filesize
4KB

Download
memory/3132-46-0x00000226D1630000-0x00000226D1631000-memory.dmp

Filesize
4KB

Download
memory/3132-49-0x00000226D1620000-0x00000226D1621000-memory.dmp

Filesize
4KB

Download
memory/3132-52-0x00000226D1560000-0x00000226D1561000-memory.dmp

Filesize
4KB

Download
memory/3132-16-0x00000226C9440000-0x00000226C9450000-memory.dmp

Filesize
64KB

Download
memory/3132-64-0x00000226D1760000-0x00000226D1761000-memory.dmp

Filesize
4KB

Download
memory/3132-66-0x00000226D1770000-0x00000226D1771000-memory.dmp

Filesize
4KB

Download
memory/3132-67-0x00000226D1770000-0x00000226D1771000-memory.dmp

Filesize
4KB

Download
memory/3132-68-0x00000226D1880000-0x00000226D1881000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads