Overview

overview

1

Static

static

1

Untitled document.txt

windows10-1703-x64

1

Untitled document.txt

windows10-2004-x64

1

Resubmissions

13/02/2024, 15:44

240213-s6rtbadg29 6

13/02/2024, 14:50

240213-r71xyadc69 6

13/02/2024, 14:44

240213-r4jt9adc33 6

13/02/2024, 14:41

240213-r2we9scb21 6

13/02/2024, 14:40

240213-r17f5scb2t 1

Analysis

  • max time kernel
    1508s
  • max time network
    1473s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    13/02/2024, 14:40

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Untitled document.txt

  • Size

    173B

  • MD5

    f388b88f4839029e5198fe8e2de36b36

  • SHA1

    305c1aaf8d44d9cb4f74cc67c1bbf084aca27acd

  • SHA256

    2c433ffb2a21830ae7f7e01afdaf08b9f015492355dacfa51fb139bf4a088f1c

  • SHA512

    38e012cb4d4a65691234746bd06f01ef9835f75ea648bc3b0e83d32c220784efede34f44007171be79d87a27763f8d38383bf3e252c8507c4f744307e28ad457

Score
1/10

Malware Config

Signatures

  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\NOTEPAD.EXE "C:\Users\Admin\AppData\Local\Temp\Untitled document.txt"
    1⤵
      PID:3992
    • C:\Windows\system32\rundll32.exe
      "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
      1⤵
        PID:2944
      • C:\Windows\System32\svchost.exe
        C:\Windows\System32\svchost.exe -k UnistackSvcGroup
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:5036

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2944-1-0x00000288D6280000-0x00000288D6288000-memory.dmp

        Filesize

        32KB

        Download

      • memory/5036-2-0x00000289CBA40000-0x00000289CBA50000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5036-18-0x00000289CBB40000-0x00000289CBB50000-memory.dmp

        Filesize

        64KB

        Download

      • memory/5036-34-0x00000289D3E50000-0x00000289D3E51000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5036-36-0x00000289D3E80000-0x00000289D3E81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5036-37-0x00000289D3E80000-0x00000289D3E81000-memory.dmp

        Filesize

        4KB

        Download

      • memory/5036-38-0x00000289D3F90000-0x00000289D3F91000-memory.dmp

        Filesize

        4KB

        Download