64e414f1f2ceeb4261e537155f9ce996a9486fc25c24102711da71fd9df2828a

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
11/10/2023, 18:42

Target

64e414f1f2ceeb4261e537155f9ce996a9486fc25c24102711da71fd9df2828a.exe
Size

1.3MB
MD5

68b8fb2bcb816c93784ead950ee08c01
SHA1

d3ac1dabb6dbfbcf5bafcdb19c4aa492eb4606f8
SHA256

64e414f1f2ceeb4261e537155f9ce996a9486fc25c24102711da71fd9df2828a
SHA512

653b118cfc24be4ca0e68ad000754f1e974cd7f14b2ae817b0ea8225b30117182e7e3fc0eb53b7d057e09132687ae400070f91843d0a75759cbfe085a96b1b55
SSDEEP

12288:MA9B+VT6FyQpFyqz2TTKMYAPkl7EP9DXMWfJgw0JaRfwLsigJA1+pynNOW:MA9BumywPGGMYK+729zNgwxyLsrY

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	64e414f1f2ceeb4261e537155f9ce996a9486fc25c24102711da71fd9df2828a.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2172	64e414f1f2ceeb4261e537155f9ce996a9486fc25c24102711da71fd9df2828a.exe

memory/2172-0-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download
memory/2172-1-0x0000000000600000-0x0000000000667000-memory.dmp

Filesize
412KB

Download
memory/2172-7-0x0000000000600000-0x0000000000667000-memory.dmp

Filesize
412KB

Download
memory/2172-12-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download