4d9f9c329200d932ad5a1b30d419aca5a67addd6b1f08740ddac4e8dc32e20f0

Analysis

max time kernel
1517s
max time network
1476s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18-02-2024 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

LANC Remastered (lancremasteredpcps.com)/PcapDotNet.Core.Extensions.dll
Size

11KB
MD5

bd02851517ba8a2252ae5f6588e8886e
SHA1

3fffe62696ad6e49ca589bb1b2d9a78af304f63a
SHA256

925b370a65d5135d1425027e5087be62d098d822b9f2cecd840cd7efa5397380
SHA512

539bb43c27f2e8407f6a9a01f64f2c7adf551cf8478fcb436a10a2258d5a7b16cba9d104971b75e582b1738a271f7e123aecd6e3aa68828af19711a0df9a16b0
SSDEEP

192:gefaXV/jf+FGKZ4vQZF/bsi5yuYvZyGZwzIbSrFf/wZp+e0Zs:gefkSGKcUHzGRZwzIbSrFf/Gd

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

svchost.exe

description pid process

Token: SeManageVolumePrivilege 5032 svchost.exe

description	pid	process
Token: SeManageVolumePrivilege	5032	svchost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\LANC Remastered (lancremasteredpcps.com)\PcapDotNet.Core.Extensions.dll",#1
1⤵
PID:4984

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:2300

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5032

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5032-0-0x000002D198B40000-0x000002D198B50000-memory.dmp

Filesize
64KB

Download
memory/5032-16-0x000002D198C40000-0x000002D198C50000-memory.dmp

Filesize
64KB

Download
memory/5032-32-0x000002D1A1210000-0x000002D1A1211000-memory.dmp

Filesize
4KB

Download
memory/5032-33-0x000002D1A1240000-0x000002D1A1241000-memory.dmp

Filesize
4KB

Download
memory/5032-34-0x000002D1A1240000-0x000002D1A1241000-memory.dmp

Filesize
4KB

Download
memory/5032-35-0x000002D1A1240000-0x000002D1A1241000-memory.dmp

Filesize
4KB

Download
memory/5032-36-0x000002D1A1240000-0x000002D1A1241000-memory.dmp

Filesize
4KB

Download
memory/5032-37-0x000002D1A1240000-0x000002D1A1241000-memory.dmp

Filesize
4KB

Download
memory/5032-38-0x000002D1A1240000-0x000002D1A1241000-memory.dmp

Filesize
4KB

Download
memory/5032-39-0x000002D1A1240000-0x000002D1A1241000-memory.dmp

Filesize
4KB

Download
memory/5032-40-0x000002D1A1240000-0x000002D1A1241000-memory.dmp

Filesize
4KB

Download
memory/5032-41-0x000002D1A1240000-0x000002D1A1241000-memory.dmp

Filesize
4KB

Download
memory/5032-42-0x000002D1A1240000-0x000002D1A1241000-memory.dmp

Filesize
4KB

Download
memory/5032-43-0x000002D1A0E60000-0x000002D1A0E61000-memory.dmp

Filesize
4KB

Download
memory/5032-44-0x000002D1A0E50000-0x000002D1A0E51000-memory.dmp

Filesize
4KB

Download
memory/5032-46-0x000002D1A0E60000-0x000002D1A0E61000-memory.dmp

Filesize
4KB

Download
memory/5032-49-0x000002D1A0E50000-0x000002D1A0E51000-memory.dmp

Filesize
4KB

Download
memory/5032-52-0x000002D1A0D90000-0x000002D1A0D91000-memory.dmp

Filesize
4KB

Download
memory/5032-64-0x000002D1A0F90000-0x000002D1A0F91000-memory.dmp

Filesize
4KB

Download
memory/5032-66-0x000002D1A0FA0000-0x000002D1A0FA1000-memory.dmp

Filesize
4KB

Download
memory/5032-67-0x000002D1A0FA0000-0x000002D1A0FA1000-memory.dmp

Filesize
4KB

Download
memory/5032-68-0x000002D1A10B0000-0x000002D1A10B1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads