2afb5303e191dde688c5626c3ee545e32e52f09da3b35b20f5e0d29a418432f5

Analysis

max time kernel
1504s
max time network
1475s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-02-2024 15:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x64/plugins/UserNotes.dll
Size

114KB
MD5

e48c789c425f966f5e5ee3187934174f
SHA1

96f85a86a56cbf55ebd547039eb1f8b0db9d9d8d
SHA256

fc9d0d0482c63ab7f238bc157c3c0fed97951ccf2d2e45be45c06c426c72cb52
SHA512

efdb42e4a1993ee6aa5c0c525bd58316d6c92fbc5cebbc3a66a26e2cf0c69fe68d19bc9313656ad1d38c4aef33131924684e226f88ef920e0e2cd607054a857c
SSDEEP

1536:0fiz3P6ZDIigvpiwyXtHaGFKNQCf5FlvULnQDCdxNsW99dlhSkkOZ8DCuB8ViFw:3P6Z0iGNyd6Gi7f5/eQExdL1kY8DCurw

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2752	svchost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\x64\plugins\UserNotes.dll,#1
1⤵
PID:4580

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2316

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
8a96843db38f3e970cc53fa7ccb69100

SHA1
13084d0cdaa073c9851753359bc1efa5aa510525

SHA256
b8386b6a3eaf15f72e73fc9a9b3302dd6c69f8f06d7c0c23f30592469e37132d

SHA512
07028f6fef672b56962644c22884bc52084443e4588c3d23e2745efecb27bf3af34e961f584d058195d95f22da99dd7a1e2ec8c72c97f488982bc2e49abc4cd6

Download Submit
memory/2752-40-0x000002C86E4C0000-0x000002C86E4C1000-memory.dmp

Filesize
4KB

Download
memory/2752-33-0x000002C86E4C0000-0x000002C86E4C1000-memory.dmp

Filesize
4KB

Download
memory/2752-42-0x000002C86E4C0000-0x000002C86E4C1000-memory.dmp

Filesize
4KB

Download
memory/2752-34-0x000002C86E4C0000-0x000002C86E4C1000-memory.dmp

Filesize
4KB

Download
memory/2752-35-0x000002C86E4C0000-0x000002C86E4C1000-memory.dmp

Filesize
4KB

Download
memory/2752-36-0x000002C86E4C0000-0x000002C86E4C1000-memory.dmp

Filesize
4KB

Download
memory/2752-37-0x000002C86E4C0000-0x000002C86E4C1000-memory.dmp

Filesize
4KB

Download
memory/2752-38-0x000002C86E4C0000-0x000002C86E4C1000-memory.dmp

Filesize
4KB

Download
memory/2752-43-0x000002C86E100000-0x000002C86E101000-memory.dmp

Filesize
4KB

Download
memory/2752-0-0x000002C865E40000-0x000002C865E50000-memory.dmp

Filesize
64KB

Download
memory/2752-68-0x000002C86E340000-0x000002C86E341000-memory.dmp

Filesize
4KB

Download
memory/2752-32-0x000002C86E4A0000-0x000002C86E4A1000-memory.dmp

Filesize
4KB

Download
memory/2752-39-0x000002C86E4C0000-0x000002C86E4C1000-memory.dmp

Filesize
4KB

Download
memory/2752-44-0x000002C86E0F0000-0x000002C86E0F1000-memory.dmp

Filesize
4KB

Download
memory/2752-46-0x000002C86E100000-0x000002C86E101000-memory.dmp

Filesize
4KB

Download
memory/2752-49-0x000002C86E0F0000-0x000002C86E0F1000-memory.dmp

Filesize
4KB

Download
memory/2752-52-0x000002C8657E0000-0x000002C8657E1000-memory.dmp

Filesize
4KB

Download
memory/2752-16-0x000002C865F40000-0x000002C865F50000-memory.dmp

Filesize
64KB

Download
memory/2752-64-0x000002C86E220000-0x000002C86E221000-memory.dmp

Filesize
4KB

Download
memory/2752-66-0x000002C86E230000-0x000002C86E231000-memory.dmp

Filesize
4KB

Download
memory/2752-67-0x000002C86E230000-0x000002C86E231000-memory.dmp

Filesize
4KB

Download
memory/2752-41-0x000002C86E4C0000-0x000002C86E4C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads