e7b49ccb3a84e14c86e319be2fc6ca3743b72fb9a2180cfa462ddef18cd3eb6d

Analysis

max time kernel
176s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
31/10/2023, 21:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e7b49ccb3a84e14c86e319be2fc6ca3743b72fb9a2180cfa462ddef18cd3eb6d.exe
Size

1.3MB
MD5

22ceed31ecc7cde3c47e0acfac065a2c
SHA1

7aabe31fd8eee06700c611eb4666891c5ddd0f2e
SHA256

e7b49ccb3a84e14c86e319be2fc6ca3743b72fb9a2180cfa462ddef18cd3eb6d
SHA512

ba86e32f571e16631339f56589639f1aa4e77d3e1ccf63bdc140dcfafdc42f445ec49630154fef7ec42b301852725bfea2ad9fca6460c0945e198f1dfaffc53e
SSDEEP

24576:G/CKAB67ozX0j52pMkuLoiSJVlIL29mhNq6:GaKkL70jIpM3kiSBM29mhNq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
3832	alg.exe
2344	elevation_service.exe
1656	elevation_service.exe
2164	maintenanceservice.exe
404	OSE.EXE

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	e7b49ccb3a84e14c86e319be2fc6ca3743b72fb9a2180cfa462ddef18cd3eb6d.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\1d89b37bab605b88.bin	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath_target_120453\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleCrashHandler64.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AdobeCollabSync.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ssvagent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	alg.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	alg.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4832	e7b49ccb3a84e14c86e319be2fc6ca3743b72fb9a2180cfa462ddef18cd3eb6d.exe

C:\Users\Admin\AppData\Local\Temp\e7b49ccb3a84e14c86e319be2fc6ca3743b72fb9a2180cfa462ddef18cd3eb6d.exe
"C:\Users\Admin\AppData\Local\Temp\e7b49ccb3a84e14c86e319be2fc6ca3743b72fb9a2180cfa462ddef18cd3eb6d.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:4832

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
PID:3832

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2344

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1656

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:2164

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:404

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
40d36cccf2a3ef19cd42901c702413bb

SHA1
246c29bd8c9420ee74f8f487017c4b8d68d7acde

SHA256
ceb122761bfcf488a5635383a271417b37a2964ee1a0b2af5ed7959f7bdaed41

SHA512
df01a49262a7775badb4fd8e6060b1bcf0b358a2024250ef68d3a0ac9c4fa5c4181b6184ac21e9b2ad8898f7a7af4260ef47270de655707ffef63b28abdeabb9

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.4MB

MD5
477261ac08f75f63810da0f25d0c938e

SHA1
30f7f55f4c77c393cc7b0ae6b8f14aa6fddd01b6

SHA256
38abd77f9a02b7b0e88770802ec8b255edbb45110b11119fc56d54041354c61f

SHA512
4593c9b7d537a8f09aa5d4f26253be155716e67c7a515e1378ccc2cf183541d86ec8a2b46e8d1a13e8786884f4846c354b8811d1a4d546f98421199b63cf8f46

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.4MB

MD5
94a086680aeb00bf5ec9383c2f783f57

SHA1
114a6af3a710f94fe19a5e1ae7c7a910571114c5

SHA256
56a2626cd01ee0d37938eb1e37461c428d7cff76209483687d58c3d038646137

SHA512
46d79a0ae990e9808f437478729861ee6b184ef4b7be8698fc009f2606ee907540c8061a3cc2c58a2af422f74c46793a712b84e39e48c89ed65fba8c5d777a10

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
35cbe68efafc4a2a504d3c9bdc4fa630

SHA1
f8b3cd428933490c2cbdaa3193af9b5a613aaf38

SHA256
7d1aa123f4f70565ea791250f3c97fc26d6de14ae8ac0858e1c4307bb42a7f6a

SHA512
87851bbc222d0be567827ef75805ca56422e0fb93acc8ea44d74c176de7caee597a1ffa2e1859f54222338fc27476b439a87b93a0cf2baa91590fabd30ff14b4

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
fc62da989794010e04378ac1711939ed

SHA1
4929fcb3bb630403dc7de20e2648af6bb93d5d5c

SHA256
abc3b01f41e8b557f3f3d8bdce84855484df86292d8a94d314dbf8e95c25c02f

SHA512
2abf7c18c40b285d2a0be4986da4384f218b211000fdd118f8407b97ff0ef4282f0dfbe32456cd030591b9ba0183044a101ddb3ed4eec62f464883563bdb5680

Download Submit
memory/404-113-0x0000000140000000-0x000000014020A000-memory.dmp

Filesize
2.0MB

Download
memory/404-79-0x0000000000820000-0x0000000000880000-memory.dmp

Filesize
384KB

Download
memory/404-71-0x0000000000820000-0x0000000000880000-memory.dmp

Filesize
384KB

Download
memory/404-72-0x0000000140000000-0x000000014020A000-memory.dmp

Filesize
2.0MB

Download
memory/1656-40-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1656-68-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1656-48-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1656-41-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/2164-65-0x0000000140000000-0x0000000140205000-memory.dmp

Filesize
2.0MB

Download
memory/2164-53-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2164-52-0x0000000140000000-0x0000000140205000-memory.dmp

Filesize
2.0MB

Download
memory/2164-59-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2164-63-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/2344-35-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/2344-67-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/2344-36-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/2344-28-0x0000000000510000-0x0000000000570000-memory.dmp

Filesize
384KB

Download
memory/2344-29-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/3832-23-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/3832-66-0x0000000140000000-0x00000001401E5000-memory.dmp

Filesize
1.9MB

Download
memory/3832-15-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/3832-16-0x0000000140000000-0x00000001401E5000-memory.dmp

Filesize
1.9MB

Download
memory/4832-0-0x0000000000400000-0x00000000005F3000-memory.dmp

Filesize
1.9MB

Download
memory/4832-13-0x0000000000400000-0x00000000005F3000-memory.dmp

Filesize
1.9MB

Download
memory/4832-6-0x0000000002480000-0x00000000024E7000-memory.dmp

Filesize
412KB

Download
memory/4832-7-0x0000000002480000-0x00000000024E7000-memory.dmp

Filesize
412KB

Download
memory/4832-1-0x0000000002480000-0x00000000024E7000-memory.dmp

Filesize
412KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads