Overview

overview

7

Static

static

3

a0187fea47...53.exe

windows7-x64

1

a0187fea47...53.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    147s
  • max time network
    121s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 03:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a0187fea47baabdb8f7f4d999ab1e1318c87ba6e29141b640a96cce257418053.exe

  • Size

    1.4MB

  • MD5

    5070dcfac394a607af6a33cee596a478

  • SHA1

    02551e9b707ec6542cc43d8172dd2a66fc780f7d

  • SHA256

    a0187fea47baabdb8f7f4d999ab1e1318c87ba6e29141b640a96cce257418053

  • SHA512

    311877e297588e06e2ec2ad82f6b762f43895f573fb98492c8e30c3aa48b164fc06e75f9e0b7fad419e939f69632359b0d316abc6d75b50e78106c386c99fa1a

  • SSDEEP

    12288:d0P/aK2vB+uHk+fOKVHGc30+DXTKt2IICbMujkicygo3I2OkPO:dkCKABdOKVz0+zG4IB1/j3ZOkPO

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a0187fea47baabdb8f7f4d999ab1e1318c87ba6e29141b640a96cce257418053.exe
    "C:\Users\Admin\AppData\Local\Temp\a0187fea47baabdb8f7f4d999ab1e1318c87ba6e29141b640a96cce257418053.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2484
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:5000

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\alg.exe
    Filesize

    93KB

    MD5

    fa84e4d530fd2cb332bfdf2f6d79128b

    SHA1

    e395e902012a98e9e5e482de21dbd87fd05b6970

    SHA256

    84ac8cfb18111bdca931abfe0199cac83efcfc7dd3a1ea8130610799bf00f587

    SHA512

    6a2d75d214081dde9051fb14e889a9811b0384fb8a6b914f199f8e44f0ab45b96cb3e20e9af5117002381920530a3e2e93405ce68266d13698237e01614c1efe

    Download Submit

  • memory/2484-0-0x0000000000400000-0x0000000000635000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2484-1-0x00000000007A0000-0x0000000000807000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2484-6-0x00000000007A0000-0x0000000000807000-memory.dmp

    Filesize

    412KB

    Download

  • memory/2484-14-0x0000000000400000-0x0000000000635000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/5000-13-0x0000000140000000-0x0000000140227000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/5000-15-0x0000000140000000-0x0000000140227000-memory.dmp

    Filesize

    2.2MB

    Download