7e10e30e5d7ad6e2eb87051e75b962a0ba1549b752ff0e48f5e24f557c97ca94

Analysis

max time kernel
573s
max time network
514s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 01:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MailBee.NET.dll
Size

1.7MB
MD5

6dde77d756621d00016945736760f717
SHA1

7094f0dea1b4c4bfd7f840b63b704dfc9bdd079f
SHA256

81632ee251474cb656dce412181e9f68f426ba20f3a0c4120c868a0cf05cd6d0
SHA512

e3389201e9d198be6304b79559d9d5d457cb33c74b441afb7ecafe4aaafb3cb0d583cd4ab8a5eb6045cd934d2c2a4007f6d1474beb5584585fcaae0060f4b813
SSDEEP

24576:sDMgcE4ilhMM9XBav0OvQRk/9P7miD6MaP7N:sDMgcWfMM9XBQ0OvRmiW17

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	2332	svchost.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MailBee.NET.dll,#1
1⤵
PID:4036

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3876

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2332

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2332-0-0x0000017873440000-0x0000017873450000-memory.dmp

Filesize
64KB

Download
memory/2332-16-0x0000017873540000-0x0000017873550000-memory.dmp

Filesize
64KB

Download
memory/2332-32-0x000001787BAF0000-0x000001787BAF1000-memory.dmp

Filesize
4KB

Download
memory/2332-33-0x000001787BB10000-0x000001787BB11000-memory.dmp

Filesize
4KB

Download
memory/2332-34-0x000001787BB10000-0x000001787BB11000-memory.dmp

Filesize
4KB

Download
memory/2332-35-0x000001787BB10000-0x000001787BB11000-memory.dmp

Filesize
4KB

Download
memory/2332-36-0x000001787BB10000-0x000001787BB11000-memory.dmp

Filesize
4KB

Download
memory/2332-37-0x000001787BB10000-0x000001787BB11000-memory.dmp

Filesize
4KB

Download
memory/2332-38-0x000001787BB10000-0x000001787BB11000-memory.dmp

Filesize
4KB

Download
memory/2332-39-0x000001787BB10000-0x000001787BB11000-memory.dmp

Filesize
4KB

Download
memory/2332-40-0x000001787BB10000-0x000001787BB11000-memory.dmp

Filesize
4KB

Download
memory/2332-41-0x000001787BB10000-0x000001787BB11000-memory.dmp

Filesize
4KB

Download
memory/2332-42-0x000001787BB10000-0x000001787BB11000-memory.dmp

Filesize
4KB

Download
memory/2332-43-0x000001787B740000-0x000001787B741000-memory.dmp

Filesize
4KB

Download
memory/2332-44-0x000001787B730000-0x000001787B731000-memory.dmp

Filesize
4KB

Download
memory/2332-46-0x000001787B740000-0x000001787B741000-memory.dmp

Filesize
4KB

Download
memory/2332-49-0x000001787B730000-0x000001787B731000-memory.dmp

Filesize
4KB

Download
memory/2332-52-0x000001787B670000-0x000001787B671000-memory.dmp

Filesize
4KB

Download
memory/2332-64-0x000001787B870000-0x000001787B871000-memory.dmp

Filesize
4KB

Download
memory/2332-66-0x000001787B880000-0x000001787B881000-memory.dmp

Filesize
4KB

Download
memory/2332-67-0x000001787B880000-0x000001787B881000-memory.dmp

Filesize
4KB

Download
memory/2332-68-0x000001787B990000-0x000001787B991000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads