d005c57d0622e735286bedfec35ccfe570127dee62e17952816cf4039d42ce44

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 05:19

Target

66cbeceb8a5e7bd84765a8b6013f9a00.exe
Size

32KB
MD5

66cbeceb8a5e7bd84765a8b6013f9a00
SHA1

f2e499d05be81f0d3a343f51210bf209f39b0779
SHA256

d005c57d0622e735286bedfec35ccfe570127dee62e17952816cf4039d42ce44
SHA512

370f4f7b98822a57eb7e2f8bf2e045b27ae277e40f0bb66000985dbc812458d1f486c05bedbc40bd535f42942022e6a26a01f3ad032fd4cbff0022797f570063
SSDEEP

384:tMDNeLNek+vD3AS1nmg0XIUZK1HzTNJDsNo+Nek+vDNNe:tMnArgfUszTNpsNo

Score

4^/10

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\MSASS.EXE	66cbeceb8a5e7bd84765a8b6013f9a00.exe
File opened for modification	C:\Windows\MSASS.EXE	66cbeceb8a5e7bd84765a8b6013f9a00.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2016	svchost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5052	66cbeceb8a5e7bd84765a8b6013f9a00.exe

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2084

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2016

memory/2016-4-0x00000170A7140000-0x00000170A7150000-memory.dmp

Filesize
64KB

Download
memory/2016-20-0x00000170A7240000-0x00000170A7250000-memory.dmp

Filesize
64KB

Download
memory/2016-36-0x00000170AF570000-0x00000170AF571000-memory.dmp

Filesize
4KB

Download
memory/2016-38-0x00000170AF5A0000-0x00000170AF5A1000-memory.dmp

Filesize
4KB

Download
memory/2016-39-0x00000170AF5A0000-0x00000170AF5A1000-memory.dmp

Filesize
4KB

Download
memory/2016-40-0x00000170AF6B0000-0x00000170AF6B1000-memory.dmp

Filesize
4KB

Download