52eb8d76e9a894762fe77ec5c4bb4a0a758df17fa7fccf0d63b229873b13c48e

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231127-en
resource tags

arch:x64arch:x86image:win10v2004-20231127-enlocale:en-usos:windows10-2004-x64system
submitted
11-12-2023 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

email-plain-1.txt
Size

5KB
MD5

652bca6b8f22954a23e56633a91f53d2
SHA1

1bc08b4c5c85d792adaa83cb46249b43c662328c
SHA256

f99626c0d5a5fef1dc359030e1643756fd9224a3a125e6892b2b21dd4cd1c247
SHA512

da92d5e608bd28a44582fe71488a1cb358ec4b942782477c180a019af758af2ad183c08a24a038f290b7f09e6c54b838ff6538d130b861cd24ba6444a5e37435
SSDEEP

48:N02y0WfbdcHFDv7PiQFme3NQFrVIf9bOMRIFQhxsmvdMUuAX8X3J:N02yHCBPDMDSFMW25

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2192	svchost.exe

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\email-plain-1.txt
1⤵
PID:1096

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4280

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2192

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
a33c2e2adea2cb65f3cdd745f4321f01

SHA1
e53b18cf79c25619a73fcc467a2f62644d1f050d

SHA256
8c7162f38bbccb4ee546271fea2767525036e75300fb00754dfcd8b63ed3155c

SHA512
a6aa22adad442c64944f8f7722102c3d26343d77fbcb57095c597a079505cbf2af27ae0b01a923defcfeb092152d39eb709612a15eb0ca4aca7edf0c70fa37d8

Download Submit
memory/2192-40-0x00000155358D0000-0x00000155358D1000-memory.dmp

Filesize
4KB

Download
memory/2192-33-0x00000155358D0000-0x00000155358D1000-memory.dmp

Filesize
4KB

Download
memory/2192-42-0x00000155358D0000-0x00000155358D1000-memory.dmp

Filesize
4KB

Download
memory/2192-34-0x00000155358D0000-0x00000155358D1000-memory.dmp

Filesize
4KB

Download
memory/2192-35-0x00000155358D0000-0x00000155358D1000-memory.dmp

Filesize
4KB

Download
memory/2192-36-0x00000155358D0000-0x00000155358D1000-memory.dmp

Filesize
4KB

Download
memory/2192-37-0x00000155358D0000-0x00000155358D1000-memory.dmp

Filesize
4KB

Download
memory/2192-38-0x00000155358D0000-0x00000155358D1000-memory.dmp

Filesize
4KB

Download
memory/2192-43-0x0000015535500000-0x0000015535501000-memory.dmp

Filesize
4KB

Download
memory/2192-0-0x000001552D240000-0x000001552D250000-memory.dmp

Filesize
64KB

Download
memory/2192-68-0x0000015535740000-0x0000015535741000-memory.dmp

Filesize
4KB

Download
memory/2192-32-0x00000155358A0000-0x00000155358A1000-memory.dmp

Filesize
4KB

Download
memory/2192-39-0x00000155358D0000-0x00000155358D1000-memory.dmp

Filesize
4KB

Download
memory/2192-44-0x00000155354F0000-0x00000155354F1000-memory.dmp

Filesize
4KB

Download
memory/2192-46-0x0000015535500000-0x0000015535501000-memory.dmp

Filesize
4KB

Download
memory/2192-49-0x00000155354F0000-0x00000155354F1000-memory.dmp

Filesize
4KB

Download
memory/2192-52-0x000001552CBE0000-0x000001552CBE1000-memory.dmp

Filesize
4KB

Download
memory/2192-16-0x000001552D340000-0x000001552D350000-memory.dmp

Filesize
64KB

Download
memory/2192-64-0x0000015535620000-0x0000015535621000-memory.dmp

Filesize
4KB

Download
memory/2192-66-0x0000015535630000-0x0000015535631000-memory.dmp

Filesize
4KB

Download
memory/2192-67-0x0000015535630000-0x0000015535631000-memory.dmp

Filesize
4KB

Download
memory/2192-41-0x00000155358D0000-0x00000155358D1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads