Overview

overview

7

Static

static

3

4c7a50c0a1...e8.exe

windows7-x64

1

4c7a50c0a1...e8.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    140s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-11-2023 15:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    4c7a50c0a13a75cbb157c6c3cdc9b0a512303cc26f43cde3591894a8e35d78e8.exe

  • Size

    1.3MB

  • MD5

    78790d279b179ea200c54d3ce4f2beff

  • SHA1

    186b81f7d8c852b81a1dc58bef09e8fc912f8bff

  • SHA256

    4c7a50c0a13a75cbb157c6c3cdc9b0a512303cc26f43cde3591894a8e35d78e8

  • SHA512

    163c004ca5b3582d01ac0dc9de7a1e673f2db70255220f61ec10bd1cb6f999a25058a7a6e4c7523530e318e8bc9898b1913d9eedbab799e984a608c8a09b4a79

  • SSDEEP

    12288:V3P/aK2vB+T0DudXezE09Si/ckGHt6pshsPSGkYl2XIQCb+Lk1TWbPXQnAN5L:V/CKAB7gXe4i7ojhsP5Lgrk1TWb4AN5

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4c7a50c0a13a75cbb157c6c3cdc9b0a512303cc26f43cde3591894a8e35d78e8.exe
    "C:\Users\Admin\AppData\Local\Temp\4c7a50c0a13a75cbb157c6c3cdc9b0a512303cc26f43cde3591894a8e35d78e8.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1408
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:2152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\alg.exe
    Filesize

    1.3MB

    MD5

    08735051ce6a9b23604c4389fb622971

    SHA1

    30accf4a6a7bab9d03d5bc7257f08b573834ada5

    SHA256

    f0f6b3a19cc20d156a8672a75992e8bdfb31306c1f22740c0e66f07c71aa8c23

    SHA512

    3e70b03e030c1027123da97c9de22771711a382d2f3d562ffafaf50737a36aba1a670c02f75ba710a466b96ce5745aa6998cef0975372e8cde203b4bb73b9dce

    Download Submit

  • memory/1408-0-0x0000000000400000-0x00000000005F7000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1408-1-0x0000000002480000-0x00000000024E7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1408-6-0x0000000002480000-0x00000000024E7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1408-7-0x0000000002480000-0x00000000024E7000-memory.dmp

    Filesize

    412KB

    Download

  • memory/1408-15-0x0000000000400000-0x00000000005F7000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/2152-12-0x0000000140000000-0x00000001401E9000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2152-16-0x0000000140000000-0x00000001401E9000-memory.dmp

    Filesize

    1.9MB

    Download