1997c04607ce332cb150cc82d9dbfeea22c123b629b3d6978a4db567495f0940

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
24-11-2023 12:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ClipUp.exe
Size

1.1MB
MD5

84a88222c6a952e49e90f36e8a2b05f1
SHA1

34c60e6296ed3470be565bb2d52b3077e39b222b
SHA256

1997c04607ce332cb150cc82d9dbfeea22c123b629b3d6978a4db567495f0940
SHA512

0bef12287d2f1d57073e1ec88db70f227f5185a938e91c4c0661acf326aca623514cfb279004bd3eb2bf2f68a0b476f3296ec6f05753a0e56e40eddd4394b2dc
SSDEEP

24576:G5myWJUZxm1SYy9VL6lK92ZrZDrTeIuqaqLyAflD4ugp4NF4RS7:G5VWJUZxm1SYy9VLkK92ZrZzXaqLyAfB

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1108	svchost.exe

C:\Users\Admin\AppData\Local\Temp\ClipUp.exe
"C:\Users\Admin\AppData\Local\Temp\ClipUp.exe"
1⤵
PID:4184

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4568

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1108

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
5a8f6f1e597b23a7e9087e7e51aff400

SHA1
dc7eef1501ef7cb1e4f9e450f48e554fa4238e6e

SHA256
ae949f83d3a5c1933c779ec191f63b64a94e214dcc55179618b06ba4f2f5e14e

SHA512
0ee4fb90dd4a85f0101b93c743f2a02226100559b67d699c761ec2d613e3ef133c9c09b9b360606535f9be6cfd98d9a81d8498078881d2684feb0ce4a8c50329

Download Submit
memory/1108-40-0x00000242CECA0000-0x00000242CECA1000-memory.dmp

Filesize
4KB

Download
memory/1108-33-0x00000242CEC90000-0x00000242CEC91000-memory.dmp

Filesize
4KB

Download
memory/1108-42-0x00000242CECA0000-0x00000242CECA1000-memory.dmp

Filesize
4KB

Download
memory/1108-34-0x00000242CEC90000-0x00000242CEC91000-memory.dmp

Filesize
4KB

Download
memory/1108-35-0x00000242CEC90000-0x00000242CEC91000-memory.dmp

Filesize
4KB

Download
memory/1108-36-0x00000242CEC90000-0x00000242CEC91000-memory.dmp

Filesize
4KB

Download
memory/1108-37-0x00000242CEC90000-0x00000242CEC91000-memory.dmp

Filesize
4KB

Download
memory/1108-38-0x00000242CEC90000-0x00000242CEC91000-memory.dmp

Filesize
4KB

Download
memory/1108-43-0x00000242CE8D0000-0x00000242CE8D1000-memory.dmp

Filesize
4KB

Download
memory/1108-0-0x00000242C6590000-0x00000242C65A0000-memory.dmp

Filesize
64KB

Download
memory/1108-68-0x00000242CEB20000-0x00000242CEB21000-memory.dmp

Filesize
4KB

Download
memory/1108-32-0x00000242CEC80000-0x00000242CEC81000-memory.dmp

Filesize
4KB

Download
memory/1108-39-0x00000242CEC90000-0x00000242CEC91000-memory.dmp

Filesize
4KB

Download
memory/1108-44-0x00000242CE8C0000-0x00000242CE8C1000-memory.dmp

Filesize
4KB

Download
memory/1108-46-0x00000242CE8D0000-0x00000242CE8D1000-memory.dmp

Filesize
4KB

Download
memory/1108-49-0x00000242CE8C0000-0x00000242CE8C1000-memory.dmp

Filesize
4KB

Download
memory/1108-52-0x00000242CE800000-0x00000242CE801000-memory.dmp

Filesize
4KB

Download
memory/1108-16-0x00000242C6690000-0x00000242C66A0000-memory.dmp

Filesize
64KB

Download
memory/1108-64-0x00000242CEA00000-0x00000242CEA01000-memory.dmp

Filesize
4KB

Download
memory/1108-66-0x00000242CEA10000-0x00000242CEA11000-memory.dmp

Filesize
4KB

Download
memory/1108-67-0x00000242CEA10000-0x00000242CEA11000-memory.dmp

Filesize
4KB

Download
memory/1108-41-0x00000242CECA0000-0x00000242CECA1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads