25ff2a818a909f50a0285de4ba07b6f5aea8e40caf2b98d296c88b2e255502e8

Analysis

max time kernel
139s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 06:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2128-121-0x0000000000BD0000-0x0000000000C82000-memory.exe
Size

712KB
MD5

80024c9b0376c94e20c3bd6c68e8498b
SHA1

cd989e8e5012639fb077cceec2fe18a7f9f848eb
SHA256

25ff2a818a909f50a0285de4ba07b6f5aea8e40caf2b98d296c88b2e255502e8
SHA512

e10111e167df5596fcc423548c36c1d4138a31809fb503ea7412d1c3decb98ca978141f14c13456df758de27610e4c5e23c0cb718d8e5aab90a1d6a3200854e8
SSDEEP

12288:t8q21MYZBIZzwINH4rY5YYP5ut3v+xAI7V78R1nebQZ:m5MYZ3rYJ0+xineb

Score

3^/10

Malware Config

Signatures

Program crash 2 IoCs

pid	pid_target	Process	procid_target
644	872	WerFault.exe	87
4172	872	WerFault.exe	87

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	220	svchost.exe

C:\Users\Admin\AppData\Local\Temp\2128-121-0x0000000000BD0000-0x0000000000C82000-memory.exe
"C:\Users\Admin\AppData\Local\Temp\2128-121-0x0000000000BD0000-0x0000000000C82000-memory.exe"
1⤵
PID:872
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
  2⤵
  - Program crash
  PID:644
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
  2⤵
  - Program crash
  PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 444 -p 872 -ip 872
1⤵
PID:636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 472 -p 872 -ip 872
1⤵
PID:4212

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:3396

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:220

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
b2503ea3ccab4dbb80a8e981965c68c9

SHA1
12eef5c192522f466ae516bcfebe16c9c27b7492

SHA256
b30f7017254d796762129e005ba1728e1e5cb280a182c302b86bbd144a3a8098

SHA512
037690b24654a10b53b4b20ed616689bbf4c2ea55af34a4caaf09da18eee6c34f6198bd950111fdde82b088ff691d63f27f4a08738060856167d2fa8757a96b4

Download Submit
memory/220-40-0x000002360D480000-0x000002360D481000-memory.dmp

Filesize
4KB

Download
memory/220-42-0x000002360D480000-0x000002360D481000-memory.dmp

Filesize
4KB

Download
memory/220-33-0x000002360D480000-0x000002360D481000-memory.dmp

Filesize
4KB

Download
memory/220-34-0x000002360D480000-0x000002360D481000-memory.dmp

Filesize
4KB

Download
memory/220-35-0x000002360D480000-0x000002360D481000-memory.dmp

Filesize
4KB

Download
memory/220-36-0x000002360D480000-0x000002360D481000-memory.dmp

Filesize
4KB

Download
memory/220-37-0x000002360D480000-0x000002360D481000-memory.dmp

Filesize
4KB

Download
memory/220-38-0x000002360D480000-0x000002360D481000-memory.dmp

Filesize
4KB

Download
memory/220-39-0x000002360D480000-0x000002360D481000-memory.dmp

Filesize
4KB

Download
memory/220-44-0x000002360D090000-0x000002360D091000-memory.dmp

Filesize
4KB

Download
memory/220-32-0x000002360D450000-0x000002360D451000-memory.dmp

Filesize
4KB

Download
memory/220-41-0x000002360D480000-0x000002360D481000-memory.dmp

Filesize
4KB

Download
memory/220-0-0x0000023604D60000-0x0000023604D70000-memory.dmp

Filesize
64KB

Download
memory/220-43-0x000002360D0A0000-0x000002360D0A1000-memory.dmp

Filesize
4KB

Download
memory/220-46-0x000002360D0A0000-0x000002360D0A1000-memory.dmp

Filesize
4KB

Download
memory/220-49-0x000002360D090000-0x000002360D091000-memory.dmp

Filesize
4KB

Download
memory/220-52-0x000002360CFD0000-0x000002360CFD1000-memory.dmp

Filesize
4KB

Download
memory/220-16-0x0000023604E60000-0x0000023604E70000-memory.dmp

Filesize
64KB

Download
memory/220-64-0x000002360D1D0000-0x000002360D1D1000-memory.dmp

Filesize
4KB

Download
memory/220-66-0x000002360D1E0000-0x000002360D1E1000-memory.dmp

Filesize
4KB

Download
memory/220-67-0x000002360D1E0000-0x000002360D1E1000-memory.dmp

Filesize
4KB

Download
memory/220-68-0x000002360D2F0000-0x000002360D2F1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads