cfd8048f1244c8a839a6ecae5d014013d15e4efe1a387869889a2e2def82a3af | Triage

Resubmissions

19-09-2024 07:29

240919-jbcapsxeqk 7

19-09-2024 07:27

240919-jaa19axcje 7

19-09-2024 07:21

240919-h66x5axanb 7

19-09-2024 07:04

240919-hwcxaswenh 7

19-09-2024 07:04

240919-hv496awend 3

19-09-2024 07:00

240919-hs4kvawfqr 3

Analysis

max time kernel
94s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19-09-2024 07:00

Sharing

Report Analysis Logs

General

Target

internationalPaymentDetails/ActionCenter.dll
Size

2.8MB
MD5

6600755c2a115ab24862611227e83e3d
SHA1

2067379db6a1817513c0f5de5640906bb7168f78
SHA256

c4b436e2b74e8b98bccf9ec8348fbbd6384d309c5c67d2fb995293d380e9bc31
SHA512

fb94b75c6dad7d4d55b79cbbdb8564c0aca5d3ece2a743bbcc169df4070a8444a344c8d221fc5894de85cbc10d555bc4d0cd4a70d91f623bc05d38f9ba94ebe5
SSDEEP

49152:UDwPqn6R9cOCwJWvJW0XHOmt08AgFWen4IzhS:A6kvyIz

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4864	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\internationalPaymentDetails\ActionCenter.dll,#1
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4864

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads