647ca781cc9236c8a178af3326c155f059ca199c71e1a92c5888036e9f917f56

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22-04-2024 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

647ca781cc9236c8a178af3326c155f059ca199c71e1a92c5888036e9f917f56.exe
Size

14KB
MD5

b8a3f86d399713a35582184b5880c3d8
SHA1

b36feb22ae8dda32647da16cc0453057d45019fc
SHA256

647ca781cc9236c8a178af3326c155f059ca199c71e1a92c5888036e9f917f56
SHA512

7c2d2d75cf0ccf92cc1cc440d20b0034c7f729146fb2f617d3ba685be8ef5bc5121d9fd8e317b7e55663fa705584022c428e926b3f6284864070392c1a2d4622
SSDEEP

384:RaySByHYBNfpfpfj31IIIIIgaDE045Hx1111:nyNNxx73HgAr1111

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	996	svchost.exe

C:\Users\Admin\AppData\Local\Temp\647ca781cc9236c8a178af3326c155f059ca199c71e1a92c5888036e9f917f56.exe
"C:\Users\Admin\AppData\Local\Temp\647ca781cc9236c8a178af3326c155f059ca199c71e1a92c5888036e9f917f56.exe"
1⤵
PID:4496

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:544

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/996-12-0x000001A343570000-0x000001A343580000-memory.dmp

Filesize
64KB

Download
memory/996-48-0x000001A34BB20000-0x000001A34BB21000-memory.dmp

Filesize
4KB

Download
memory/996-47-0x000001A34BA10000-0x000001A34BA11000-memory.dmp

Filesize
4KB

Download
memory/996-46-0x000001A34BA10000-0x000001A34BA11000-memory.dmp

Filesize
4KB

Download
memory/996-44-0x000001A34B9E0000-0x000001A34B9E1000-memory.dmp

Filesize
4KB

Download
memory/996-28-0x000001A343670000-0x000001A343680000-memory.dmp

Filesize
64KB

Download
memory/4496-5-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4496-0-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4496-8-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4496-9-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4496-10-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4496-11-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4496-6-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4496-7-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4496-4-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4496-3-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4496-2-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4496-1-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4496-49-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4496-50-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/4496-51-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads