eafd8f574ea7fd0f345eaa19eae8d0d78d5323c8154592c850a2d78a86817744

Analysis

max time kernel
1740s
max time network
1174s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13-03-2024 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Chess-Assist-29.3.zip
Size

43.8MB
MD5

da596c5fa1bfe53dc6ef777e810c2e7d
SHA1

dc756fddd264eaadcc0c8e8576d11259bbe1c150
SHA256

eafd8f574ea7fd0f345eaa19eae8d0d78d5323c8154592c850a2d78a86817744
SHA512

bb7a10c4d9decee9687dfba5987939d1f55c3966bd80d06103d4bde6f61df3957d89392ac185b96ac668bc794193319dad33e34dde199df91eb2981e7e5f9fc3
SSDEEP

196608:rAA/coo9ZmMOfGI0QIdgCUlo1JKq5LJ2q82M/nSk827:rAHX9DQGI0Q321tr82MPl

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	4624	svchost.exe

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Chess-Assist-29.3.zip
1⤵
PID:3300

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3772

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4624

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
b90bbf956c95901cc91a19837d493474

SHA1
aa72f3c290d277288c309d2231b2b02c3e044748

SHA256
5ee9c1ead0244db30f07b095c640ccb66eb8c630fa0fef8fc6ea064ac44ba416

SHA512
cb40b37714a56566733b2f07379e46cdbc12507cac7906ecfcc698632671f3f8f78ae25139872fc9ebcae2efb68b664ecd3f0620db27c9a8602e011fe09b81a3

Download Submit
memory/4624-40-0x00000284FEBD0000-0x00000284FEBD1000-memory.dmp

Filesize
4KB

Download
memory/4624-33-0x00000284FEBD0000-0x00000284FEBD1000-memory.dmp

Filesize
4KB

Download
memory/4624-42-0x00000284FEBD0000-0x00000284FEBD1000-memory.dmp

Filesize
4KB

Download
memory/4624-34-0x00000284FEBD0000-0x00000284FEBD1000-memory.dmp

Filesize
4KB

Download
memory/4624-35-0x00000284FEBD0000-0x00000284FEBD1000-memory.dmp

Filesize
4KB

Download
memory/4624-36-0x00000284FEBD0000-0x00000284FEBD1000-memory.dmp

Filesize
4KB

Download
memory/4624-37-0x00000284FEBD0000-0x00000284FEBD1000-memory.dmp

Filesize
4KB

Download
memory/4624-38-0x00000284FEBD0000-0x00000284FEBD1000-memory.dmp

Filesize
4KB

Download
memory/4624-43-0x00000284FE7F0000-0x00000284FE7F1000-memory.dmp

Filesize
4KB

Download
memory/4624-0-0x00000284FE4B0000-0x00000284FE4C0000-memory.dmp

Filesize
64KB

Download
memory/4624-68-0x00000284FEA40000-0x00000284FEA41000-memory.dmp

Filesize
4KB

Download
memory/4624-32-0x00000284FEBA0000-0x00000284FEBA1000-memory.dmp

Filesize
4KB

Download
memory/4624-39-0x00000284FEBD0000-0x00000284FEBD1000-memory.dmp

Filesize
4KB

Download
memory/4624-44-0x00000284FE7E0000-0x00000284FE7E1000-memory.dmp

Filesize
4KB

Download
memory/4624-46-0x00000284FE7F0000-0x00000284FE7F1000-memory.dmp

Filesize
4KB

Download
memory/4624-49-0x00000284FE7E0000-0x00000284FE7E1000-memory.dmp

Filesize
4KB

Download
memory/4624-52-0x00000284FE720000-0x00000284FE721000-memory.dmp

Filesize
4KB

Download
memory/4624-16-0x00000284FE5B0000-0x00000284FE5C0000-memory.dmp

Filesize
64KB

Download
memory/4624-64-0x00000284FE920000-0x00000284FE921000-memory.dmp

Filesize
4KB

Download
memory/4624-66-0x00000284FE930000-0x00000284FE931000-memory.dmp

Filesize
4KB

Download
memory/4624-67-0x00000284FE930000-0x00000284FE931000-memory.dmp

Filesize
4KB

Download
memory/4624-41-0x00000284FEBD0000-0x00000284FEBD1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads