53c1e96aaa9268c0adcfaaa5b38ec6dc16830db3ffa94ab61cf75ed3ff7b4939

Analysis

max time kernel
43s
max time network
47s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
30-10-2022 03:05

Target

53c1e96aaa9268c0adcfaaa5b38ec6dc16830db3ffa94ab61cf75ed3ff7b4939.exe
Size

180KB
MD5

92e6f7d2e351cd84651bc2cb5b96278a
SHA1

68f8991c45782ec04c4ef776cd0a7585e39f2ca4
SHA256

53c1e96aaa9268c0adcfaaa5b38ec6dc16830db3ffa94ab61cf75ed3ff7b4939
SHA512

e3290f5d3354e6b1fca4914431ae592a91be13ebcc8ec2bbd8534b0869d895bfdd31a670b3b9b7b7334279a3f01f61a1daa9c9c59262f65051486a9e6a01e658
SSDEEP

3072:uzCWISby44zo91qjkCwy2t94so1yg7y0leDGDWG:urCTs90FW4b73ld5

Score

8^/10

upx

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/896-55-0x0000000001000000-0x0000000001056000-memory.dmp	upx
behavioral1/memory/896-56-0x0000000001000000-0x0000000001056000-memory.dmp	upx

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\SysWOW64\alg.exe	53c1e96aaa9268c0adcfaaa5b38ec6dc16830db3ffa94ab61cf75ed3ff7b4939.exe
File opened for modification	\??\c:\windows\SysWOW64\svchost.exe	53c1e96aaa9268c0adcfaaa5b38ec6dc16830db3ffa94ab61cf75ed3ff7b4939.exe
File created	\??\c:\windows\SysWOW64\svchost.vir	53c1e96aaa9268c0adcfaaa5b38ec6dc16830db3ffa94ab61cf75ed3ff7b4939.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	896	53c1e96aaa9268c0adcfaaa5b38ec6dc16830db3ffa94ab61cf75ed3ff7b4939.exe

memory/896-54-0x0000000075E31000-0x0000000075E33000-memory.dmp

Filesize
8KB

Download
memory/896-55-0x0000000001000000-0x0000000001056000-memory.dmp

Filesize
344KB

Download
memory/896-56-0x0000000001000000-0x0000000001056000-memory.dmp

Filesize
344KB

Download