c6603697614772f3555f640d244b5904f5575000a85da2b79eb439c83973e5b7

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
28-10-2023 20:19

Target

NEAS.fbd1c2868157755a6bfd045e7dc8a100.exe
Size

691KB
MD5

fbd1c2868157755a6bfd045e7dc8a100
SHA1

54ed08f5b1993602f45b6eece7cbea04e5ae82e9
SHA256

c6603697614772f3555f640d244b5904f5575000a85da2b79eb439c83973e5b7
SHA512

a439a6faff30e5bada5d264b7deff619874cbe314e788c0c110aa4d702fc0fed67a6aaa945efe3a0f79f5f02169cdab3976beb45d943694e06f3d26783eba242
SSDEEP

12288:JwXAwhr8AXWQIa0GP81yiL2AnSx0g95oDgNfOi+o1T:6QwhgSWNNA81yi6OSRoDgpJ+o

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	NEAS.fbd1c2868157755a6bfd045e7dc8a100.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2744	NEAS.fbd1c2868157755a6bfd045e7dc8a100.exe

memory/2744-0-0x0000000140000000-0x00000001400B2000-memory.dmp

Filesize
712KB

Download
memory/2744-1-0x00000000002A0000-0x0000000000300000-memory.dmp

Filesize
384KB

Download
memory/2744-7-0x00000000002A0000-0x0000000000300000-memory.dmp

Filesize
384KB

Download
memory/2744-8-0x00000000002A0000-0x0000000000300000-memory.dmp

Filesize
384KB

Download
memory/2744-11-0x00000000002A0000-0x0000000000300000-memory.dmp

Filesize
384KB

Download
memory/2744-13-0x0000000140000000-0x00000001400B2000-memory.dmp

Filesize
712KB

Download