4e697c1a3ddd77e0a8a439b400ed36a8eea84441bd8e05b9d86240e3b0e4bb72

Analysis

max time kernel
1700s
max time network
1150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2023 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

GameJamProjesi_Data/Managed/System.ComponentModel.Composition.dll
Size

251KB
MD5

426ea1652ff4b12367a509035d571ad3
SHA1

6d7c58db25449f3396e0f088cc88f3b9e6726bf1
SHA256

e8f6998869bf8c17f28a387231a9a50c3ab88a3474bbad9595a637f32082210c
SHA512

f4e7deb8e732c66afb69a977cc80d94bad5328e5aa78000eae8703d7faa508fdf6f462cca5f421876bc7656e4c84d7f5fa40290d0d4f7abc4614cd325d766c7c
SSDEEP

6144:jkwkYfxuS0ZNORl1X1XYZGFU+22kUgUlAwU5e81hXJXee4jsURlXXMAX8O33iEP3:jkwkYfx8ZNCxL

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3732	svchost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GameJamProjesi_Data\Managed\System.ComponentModel.Composition.dll,#1
1⤵
PID:1220

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3028

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3732

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
924ef57aca2ce04e17d65d542b3eca9d

SHA1
9f144fa4f32b1430bf8e6324a9c0a84f0e9d68dd

SHA256
21f8491fb8cce58a32ab185df17dc7bfd7e955ddb4bb33c18f6bd4ebbcec12cd

SHA512
3f93267df3a4340d71c43e37c8dda5e11f76090a00437132706f1eccb12a7a49c263194e7852c57b4c929c9eb9ee26237ca699b1d0c2cd7d89525eaf14097cf9

Download Submit
memory/3732-40-0x0000026143570000-0x0000026143571000-memory.dmp

Filesize
4KB

Download
memory/3732-33-0x0000026143570000-0x0000026143571000-memory.dmp

Filesize
4KB

Download
memory/3732-42-0x0000026143570000-0x0000026143571000-memory.dmp

Filesize
4KB

Download
memory/3732-34-0x0000026143570000-0x0000026143571000-memory.dmp

Filesize
4KB

Download
memory/3732-35-0x0000026143570000-0x0000026143571000-memory.dmp

Filesize
4KB

Download
memory/3732-36-0x0000026143570000-0x0000026143571000-memory.dmp

Filesize
4KB

Download
memory/3732-37-0x0000026143570000-0x0000026143571000-memory.dmp

Filesize
4KB

Download
memory/3732-38-0x0000026143570000-0x0000026143571000-memory.dmp

Filesize
4KB

Download
memory/3732-43-0x0000026143190000-0x0000026143191000-memory.dmp

Filesize
4KB

Download
memory/3732-0-0x000002613AE50000-0x000002613AE60000-memory.dmp

Filesize
64KB

Download
memory/3732-68-0x00000261433E0000-0x00000261433E1000-memory.dmp

Filesize
4KB

Download
memory/3732-32-0x0000026143540000-0x0000026143541000-memory.dmp

Filesize
4KB

Download
memory/3732-39-0x0000026143570000-0x0000026143571000-memory.dmp

Filesize
4KB

Download
memory/3732-44-0x0000026143180000-0x0000026143181000-memory.dmp

Filesize
4KB

Download
memory/3732-46-0x0000026143190000-0x0000026143191000-memory.dmp

Filesize
4KB

Download
memory/3732-49-0x0000026143180000-0x0000026143181000-memory.dmp

Filesize
4KB

Download
memory/3732-52-0x00000261430C0000-0x00000261430C1000-memory.dmp

Filesize
4KB

Download
memory/3732-16-0x000002613AF50000-0x000002613AF60000-memory.dmp

Filesize
64KB

Download
memory/3732-64-0x00000261432C0000-0x00000261432C1000-memory.dmp

Filesize
4KB

Download
memory/3732-66-0x00000261432D0000-0x00000261432D1000-memory.dmp

Filesize
4KB

Download
memory/3732-67-0x00000261432D0000-0x00000261432D1000-memory.dmp

Filesize
4KB

Download
memory/3732-41-0x0000026143570000-0x0000026143571000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads