5683dfe3d9bf8a8cf1c141a1dc8507756442c4ddae2bc0f6f1e9d7dd489011e1

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 14:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5683dfe3d9bf8a8cf1c141a1dc8507756442c4ddae2bc0f6f1e9d7dd489011e1.dll
Size

397KB
MD5

4c9bef47c89f799a0b3a1e51ca43a5ec
SHA1

9e3267047ea577c552dbe9df0a4ba9532240b85c
SHA256

5683dfe3d9bf8a8cf1c141a1dc8507756442c4ddae2bc0f6f1e9d7dd489011e1
SHA512

268a4ffe72e6ee70d5443f8349954fd304a9695bec9595ea6c56e93d662806eb0ce66bd5832355302e48daf09b7e0efc3d699f3526a28e0396c635072f003eb4
SSDEEP

6144:151sacsiu2LDeIHoMDIbGFtcEOkCybEaQRXr9HNdvOas:174g2LDeiPDImOkx2LIas

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4320	rundll32.exe
4320	rundll32.exe
4320	rundll32.exe
4320	rundll32.exe
4320	rundll32.exe
4320	rundll32.exe
4320	rundll32.exe
4320	rundll32.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4320	rundll32.exe
Token: SeTcbPrivilege	4320	rundll32.exe
Token: SeManageVolumePrivilege	1960	svchost.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4148 wrote to memory of 4320	4148	rundll32.exe	51
PID 4148 wrote to memory of 4320	4148	rundll32.exe	51
PID 4148 wrote to memory of 4320	4148	rundll32.exe	51

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5683dfe3d9bf8a8cf1c141a1dc8507756442c4ddae2bc0f6f1e9d7dd489011e1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4148
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5683dfe3d9bf8a8cf1c141a1dc8507756442c4ddae2bc0f6f1e9d7dd489011e1.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4320

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:644

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1960

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
000e99714aad1f16a5bc409b6a9a8aba

SHA1
b7d04847871210b1e6a137cab8da816a8706391c

SHA256
11c843052121fbe983e0e226d5f3a2b9cec71d65e78a9974260c7cba6e60ff08

SHA512
aef1400d058e8b3ea2279f0bd5a447b343c3d24dce3c563e916e3915aa430c658bff2be80778fbb888bcd918727fe2ad3c8d76ba2fef5150ba3a7ed30f100394

Download Submit
memory/1960-36-0x0000018552980000-0x0000018552981000-memory.dmp

Filesize
4KB

Download
memory/1960-34-0x0000018552980000-0x0000018552981000-memory.dmp

Filesize
4KB

Download
memory/1960-33-0x0000018552980000-0x0000018552981000-memory.dmp

Filesize
4KB

Download
memory/1960-39-0x0000018552980000-0x0000018552981000-memory.dmp

Filesize
4KB

Download
memory/1960-41-0x0000018552980000-0x0000018552981000-memory.dmp

Filesize
4KB

Download
memory/1960-40-0x0000018552980000-0x0000018552981000-memory.dmp

Filesize
4KB

Download
memory/1960-42-0x0000018552980000-0x0000018552981000-memory.dmp

Filesize
4KB

Download
memory/1960-38-0x0000018552980000-0x0000018552981000-memory.dmp

Filesize
4KB

Download
memory/1960-37-0x0000018552980000-0x0000018552981000-memory.dmp

Filesize
4KB

Download
memory/1960-49-0x0000018552590000-0x0000018552591000-memory.dmp

Filesize
4KB

Download
memory/1960-32-0x0000018552950000-0x0000018552951000-memory.dmp

Filesize
4KB

Download
memory/1960-35-0x0000018552980000-0x0000018552981000-memory.dmp

Filesize
4KB

Download
memory/1960-16-0x000001854A360000-0x000001854A370000-memory.dmp

Filesize
64KB

Download
memory/1960-46-0x00000185525A0000-0x00000185525A1000-memory.dmp

Filesize
4KB

Download
memory/1960-44-0x0000018552590000-0x0000018552591000-memory.dmp

Filesize
4KB

Download
memory/1960-52-0x00000185524D0000-0x00000185524D1000-memory.dmp

Filesize
4KB

Download
memory/1960-43-0x00000185525A0000-0x00000185525A1000-memory.dmp

Filesize
4KB

Download
memory/1960-68-0x00000185527F0000-0x00000185527F1000-memory.dmp

Filesize
4KB

Download
memory/1960-67-0x00000185526E0000-0x00000185526E1000-memory.dmp

Filesize
4KB

Download
memory/1960-66-0x00000185526E0000-0x00000185526E1000-memory.dmp

Filesize
4KB

Download
memory/1960-64-0x00000185526D0000-0x00000185526D1000-memory.dmp

Filesize
4KB

Download
memory/1960-0-0x000001854A260000-0x000001854A270000-memory.dmp

Filesize
64KB

Download