a3019ac6d426a009aa7d143c6375a15743493fab2df743343fb18400a0ca27b9

Analysis

max time kernel
188s
max time network
227s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a3019ac6d426a009aa7d143c6375a15743493fab2df743343fb18400a0ca27b9.exe
Size

716KB
MD5

503e5492e130573a08a023069adb44ba
SHA1

29f45ce03afc59d026a8869eddde28729469707b
SHA256

a3019ac6d426a009aa7d143c6375a15743493fab2df743343fb18400a0ca27b9
SHA512

f46407f4ccf5bfc06aa67e9c4b27632b3c1cab3103cac2dc779ee06322645d5c2f7a5579597b1fae63f4eef38381bbea61595d4a5335b1c9ddfce40bba831c4e
SSDEEP

12288:BrP/aK2vB+Rb02+WdSjIvc5q9D5dPc6GB64WVA1ehJOQPTpUG3kjpa7RpCIFBQ:BjCKABKbxc5UEjB64ugehJbT2j87Rx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
2956	alg.exe
4960	elevation_service.exe
4844	elevation_service.exe
1228	maintenanceservice.exe
2392	OSE.EXE

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	a3019ac6d426a009aa7d143c6375a15743493fab2df743343fb18400a0ca27b9.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	a3019ac6d426a009aa7d143c6375a15743493fab2df743343fb18400a0ca27b9.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\8b7ef2814007a37.bin	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\InspectorOfficeGadget.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\mip.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	alg.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1208	a3019ac6d426a009aa7d143c6375a15743493fab2df743343fb18400a0ca27b9.exe

C:\Users\Admin\AppData\Local\Temp\a3019ac6d426a009aa7d143c6375a15743493fab2df743343fb18400a0ca27b9.exe
"C:\Users\Admin\AppData\Local\Temp\a3019ac6d426a009aa7d143c6375a15743493fab2df743343fb18400a0ca27b9.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:1208

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
PID:2956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4844

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:1228

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2392

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
143KB

MD5
8effbd229dcd8accec636a19e5c8dec7

SHA1
8a280c66adc609beaa4e41e53a6d268e7e109e57

SHA256
ae2461c9e2e3f4de4818a2f545e8335ae0f608f5c30335c5a80ed3e028536fbf

SHA512
f733242635255b98d7b826766c7ce4f0eff1b8b6f7ce2075226de539802a02657aea4e0bb29f0a8d64ef1ce97c64d4db7de29a2c53fad503692bb884ca438bbb

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
196KB

MD5
ef70b362eee95dd2aa6a268b5139ec80

SHA1
d33f5144ca682b186f8f08e08725ba6197bdac71

SHA256
f2d5bdbaf12ba821cfa8d0e62747eef6950d2257e8b5bd877667eea507c5b533

SHA512
019dcd039edff7f5501bd84d35a842c044462a77f560815db184f858b1a08f1790de4ddfcb46aee07f354dcd9b73f2dd5526777a1d1799831d518c891c184f28

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1KB

MD5
0dff28ad9baf17dcef070c1ccd9c5bd7

SHA1
61290c8d09e04478eae320661b8090655f761b64

SHA256
7f1b0682a780f14f1dbe23a236986b4ace2303068f14e2760f0a16a22516ba79

SHA512
526e03e884dcac784727f1a1d90c62411812e153fd526fce9c3f1576e867b8130e3f591e66c7b46135af9837477d0a116b9061d56ffdcc3e50acc6daae72b224

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
910KB

MD5
b1a640816ea00497e6432a85822e9459

SHA1
475ad0cda0be385576056e3c38546faa44e0fb2d

SHA256
48f16db660025b9ffca70a29c178f68c26e5838c1e9434ddb8ca415b517d2362

SHA512
93883cb85359a04f044ae656a801574748649f86d7fdcbcb16a3e587a187789e0f4c054596c5dc3355a314d5eac90669c1a4fde558f551a8a3dc90fd03d87bbd

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
4ac29b7aa617f642cc2992fec58c00f9

SHA1
bc7e795fa6b9b5451ff1c0d31ae950bc184099ab

SHA256
6a4be2c5b6c10758c8cb7fcd16ea8a9035f087eb9a7c49fffdb648bf2e7866bc

SHA512
6cc1f047e5e6684311366ff642638a869040f4c3dae7bb4837f8cf8fde64c60be019630c99b6f76a48e9c65d46e2e6a3005e5585718df16cd177f97a8fe56c44

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
811KB

MD5
d259327e6f3d5caeee9348bff9ed7f31

SHA1
dfa8b10b5003a37d46eb3d7edc3cdc5d7096fc19

SHA256
e9784ca6cde749e56ae1b24268411b752cf41bbaa598a950e9635c528464b879

SHA512
1e70eb8278d90d4bb7fd00c86c4b7e441c5724083401f53df1f7078610f5a3382cea013e277e2360cfd0edda96b5051adf6e72ef2d1bcbaad8d47772db37ffcb

Download Submit
memory/1208-26-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/1208-6-0x0000000000AD0000-0x0000000000B37000-memory.dmp

Filesize
412KB

Download
memory/1208-0-0x0000000000400000-0x00000000004B8000-memory.dmp

Filesize
736KB

Download
memory/1208-1-0x0000000000AD0000-0x0000000000B37000-memory.dmp

Filesize
412KB

Download
memory/1208-7-0x0000000000AD0000-0x0000000000B37000-memory.dmp

Filesize
412KB

Download
memory/1228-53-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/1228-63-0x0000000002280000-0x00000000022E0000-memory.dmp

Filesize
384KB

Download
memory/1228-65-0x0000000140000000-0x00000001400CA000-memory.dmp

Filesize
808KB

Download
memory/1228-54-0x0000000002280000-0x00000000022E0000-memory.dmp

Filesize
384KB

Download
memory/1228-60-0x0000000002280000-0x00000000022E0000-memory.dmp

Filesize
384KB

Download
memory/2392-69-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2392-130-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2392-75-0x0000000000920000-0x0000000000980000-memory.dmp

Filesize
384KB

Download
memory/2392-68-0x0000000000920000-0x0000000000980000-memory.dmp

Filesize
384KB

Download
memory/2956-11-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/2956-12-0x0000000000790000-0x00000000007F0000-memory.dmp

Filesize
384KB

Download
memory/2956-18-0x0000000000790000-0x00000000007F0000-memory.dmp

Filesize
384KB

Download
memory/2956-98-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/2956-19-0x0000000000790000-0x00000000007F0000-memory.dmp

Filesize
384KB

Download
memory/4844-49-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4844-41-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/4844-42-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4844-102-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4960-29-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/4960-37-0x0000000000CC0000-0x0000000000D20000-memory.dmp

Filesize
384KB

Download
memory/4960-30-0x0000000000CC0000-0x0000000000D20000-memory.dmp

Filesize
384KB

Download
memory/4960-99-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads