694a79269a6ec2691fcc9f75cf3a1a72fd96cea1b670a8a4b71a86701f8827b3

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
15/01/2024, 03:00

Target

5bf6071819d04b1dcb6a3c8602048e04.js
Size

248KB
MD5

5bf6071819d04b1dcb6a3c8602048e04
SHA1

2e4753f3515db1ccaf7f31e951e676b7e873dd89
SHA256

694a79269a6ec2691fcc9f75cf3a1a72fd96cea1b670a8a4b71a86701f8827b3
SHA512

7c2bbcff2131dd70039559b98d8dea760e8a80e4b5c5971b93b997c7339346869de98a80ba98e87cd29e72d6918b43ff1d996679db2ceefffda8009f7510acf7
SSDEEP

3072:BJGnjse/fI7uRk1ssH9gRWdvj9vTNXTP+77eXTP+7pt:Gse0BssHbl5RXTtXTS

Score

1^/10

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4308	svchost.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\5bf6071819d04b1dcb6a3c8602048e04.js
1⤵
PID:3512

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2300

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4308

memory/4308-16-0x0000014131540000-0x0000014131550000-memory.dmp

Filesize
64KB

Download
memory/4308-34-0x0000014139860000-0x0000014139861000-memory.dmp

Filesize
4KB

Download
memory/4308-36-0x0000014139970000-0x0000014139971000-memory.dmp

Filesize
4KB

Download
memory/4308-35-0x0000014139860000-0x0000014139861000-memory.dmp

Filesize
4KB

Download
memory/4308-32-0x0000014139830000-0x0000014139831000-memory.dmp

Filesize
4KB

Download
memory/4308-0-0x0000014131440000-0x0000014131450000-memory.dmp

Filesize
64KB

Download