7e9db9bf79d4bafa9ae16ba6d2d7ef4f065be9b40eee62b4f03084961e8457ad

Analysis

max time kernel
299s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test_large.exe
Size

3.3MB
MD5

f6bb217ef41610cae7da63e70f35c7ed
SHA1

fa001c38d8a526dc08c6a4a6fed53d1d2e3fccc0
SHA256

7e9db9bf79d4bafa9ae16ba6d2d7ef4f065be9b40eee62b4f03084961e8457ad
SHA512

3f584ee154967d86079345ea1451ab99afdd0202b406dd31d0d1ae3cfdeeda233e8181cc85c0ceb718defd033480b3ebe9faf691a4c75a56d6eefb73ef484bbf
SSDEEP

49152:iV1NybKv+m+4FA5utGHrQwthfpaHh/Kw+FwKQ:iuKvG4b

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3196	svchost.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3008	test_large.exe
3008	test_large.exe

C:\Users\Admin\AppData\Local\Temp\test_large.exe
"C:\Users\Admin\AppData\Local\Temp\test_large.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3008

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3644

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3196

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
bbf48ce1c7e357bf17814e12fb360a30

SHA1
6849249eb8b8d769269419015e33098db1c8fd54

SHA256
5d72ac4f08a17a0962496d1008e1606d8cbe1cfbddbf740179d9be68bba6373c

SHA512
9640d211fa2ce73efab85636d717b6530a6b300d68208066bf284825448ae8ab7b8daaeebe9bab61228f56006f0b0d87e0cb0976c20d1f4a1211ae76f7dddfc7

Download Submit
memory/3196-64-0x00000272EDFE0000-0x00000272EDFE1000-memory.dmp

Filesize
4KB

Download
memory/3196-49-0x00000272EDEA0000-0x00000272EDEA1000-memory.dmp

Filesize
4KB

Download
memory/3196-42-0x00000272EE290000-0x00000272EE291000-memory.dmp

Filesize
4KB

Download
memory/3196-41-0x00000272EE290000-0x00000272EE291000-memory.dmp

Filesize
4KB

Download
memory/3196-39-0x00000272EE290000-0x00000272EE291000-memory.dmp

Filesize
4KB

Download
memory/3196-52-0x00000272EDDE0000-0x00000272EDDE1000-memory.dmp

Filesize
4KB

Download
memory/3196-68-0x00000272EE100000-0x00000272EE101000-memory.dmp

Filesize
4KB

Download
memory/3196-67-0x00000272EDFF0000-0x00000272EDFF1000-memory.dmp

Filesize
4KB

Download
memory/3196-66-0x00000272EDFF0000-0x00000272EDFF1000-memory.dmp

Filesize
4KB

Download
memory/3196-46-0x00000272EDEB0000-0x00000272EDEB1000-memory.dmp

Filesize
4KB

Download
memory/3196-40-0x00000272EE290000-0x00000272EE291000-memory.dmp

Filesize
4KB

Download
memory/3196-33-0x00000272EE290000-0x00000272EE291000-memory.dmp

Filesize
4KB

Download
memory/3196-16-0x00000272E5C70000-0x00000272E5C80000-memory.dmp

Filesize
64KB

Download
memory/3196-44-0x00000272EDEA0000-0x00000272EDEA1000-memory.dmp

Filesize
4KB

Download
memory/3196-43-0x00000272EDEB0000-0x00000272EDEB1000-memory.dmp

Filesize
4KB

Download
memory/3196-38-0x00000272EE290000-0x00000272EE291000-memory.dmp

Filesize
4KB

Download
memory/3196-37-0x00000272EE290000-0x00000272EE291000-memory.dmp

Filesize
4KB

Download
memory/3196-36-0x00000272EE290000-0x00000272EE291000-memory.dmp

Filesize
4KB

Download
memory/3196-35-0x00000272EE290000-0x00000272EE291000-memory.dmp

Filesize
4KB

Download
memory/3196-34-0x00000272EE290000-0x00000272EE291000-memory.dmp

Filesize
4KB

Download
memory/3196-32-0x00000272EE260000-0x00000272EE261000-memory.dmp

Filesize
4KB

Download
memory/3196-0-0x00000272E5B70000-0x00000272E5B80000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads