42fcc6baf1f080ee9ae27abc6144a5559aa128c7f5f545c08398d6f591a72354

Analysis

max time kernel
142s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/07/2023, 15:15

Target

bf22ca1c84cd18_JC.exe
Size

2.4MB
MD5

bf22ca1c84cd18be11e78e2264de845f
SHA1

51a958c45725107362bb94f4509a9ff09e4c5b27
SHA256

42fcc6baf1f080ee9ae27abc6144a5559aa128c7f5f545c08398d6f591a72354
SHA512

a61de7b2ec0f5affe624407565920b4b34ef62e4ddf975b6d2ebfa6744eb8781432cd602ffbf40fe5a25e6e9c67acdfafb75fec994771a237d5d149361fb966a
SSDEEP

49152:5eLjveDKVx+KJtOw8RG48p85PCzcs7dGyayEFD5cLD9RJ4KvJFBVAX69FP56ZU6S:QLeKOKTOw898O56zcs7dGyayE0LD9HvP

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	bf22ca1c84cd18_JC.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2404	bf22ca1c84cd18_JC.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2404	bf22ca1c84cd18_JC.exe

memory/2404-133-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download
memory/2404-134-0x0000000000C80000-0x0000000000CE7000-memory.dmp

Filesize
412KB

Download
memory/2404-140-0x0000000000C80000-0x0000000000CE7000-memory.dmp

Filesize
412KB

Download
memory/2404-139-0x0000000000C80000-0x0000000000CE7000-memory.dmp

Filesize
412KB

Download
memory/2404-146-0x0000000000400000-0x000000000066E000-memory.dmp

Filesize
2.4MB

Download