Overview

overview

7

Static

static

3

9201e8a64c...80.exe

windows7-x64

1

9201e8a64c...80.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    191s
  • max time network
    207s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/12/2023, 21:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    9201e8a64cf8dc894ef7d939f276d72161b8ec010392192248d5536f3048b080.exe

  • Size

    705KB

  • MD5

    ee024430c73bc4308643ebd61615b96d

  • SHA1

    dce5fafb260f6da86834da9649fe93e2d0911c39

  • SHA256

    9201e8a64cf8dc894ef7d939f276d72161b8ec010392192248d5536f3048b080

  • SHA512

    31a1689848d5fb1c2acd65d835b645a1489d20c191ab7f8723a1ef17751cdb5899d4223a92b3a98017e7690a4355e36146196e1a6c8d8d1f5278a9950685997b

  • SSDEEP

    12288:cW9B+VhFCrNDFKYmKIiirRGW2phzrvXuayM1J3AAlrAf0d83QC0OXxcpGHMki:cW9B28NDFKYmKOF0zr31JwAlcR3QC0O3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9201e8a64cf8dc894ef7d939f276d72161b8ec010392192248d5536f3048b080.exe
    "C:\Users\Admin\AppData\Local\Temp\9201e8a64cf8dc894ef7d939f276d72161b8ec010392192248d5536f3048b080.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:536
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    PID:3264
  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:4628
  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
    1⤵
    • Executes dropped EXE
    PID:2096
  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
    1⤵
    • Executes dropped EXE
    • Drops file in Program Files directory
    PID:2708
  • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
    1⤵
    • Executes dropped EXE
    PID:1300

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
    Filesize

    945KB

    MD5

    885922e22e4afca9cafbbbdc3dcb29c3

    SHA1

    8d8666ceff1b9298515942d3dc879afd515ca566

    SHA256

    c5eccb649efc65c9631c7e3012e89e090ad9469cafcf233c5afa90e50fee32b6

    SHA512

    46e17c199c90b16ae212dafe01ba9ad6cb6d39bf6848c3a5886be44e3f1c43985e04777308b0ea6aa65f5ea0fad2e96e53222abf342d3b8e51ccd9c91d4ebdf3

    Download Submit

  • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    Filesize

    74KB

    MD5

    6c2104ae5de35fe9a349e54fee9469fd

    SHA1

    6173f2b0752f4fb3585c60f8e1fba27bdce966c2

    SHA256

    c26eaef5ae722d7226e179b82aeb7020934f9e6fd2674f9a9c60eff0a64ed61f

    SHA512

    b4976410bbacce6be014e1f0b97ff25741698b7bf63166efb6723bb6af7000bd6ddfb41d24b648a729794f2793dff001092ec7b09be6ac7a74ae6de1d836c693

    Download Submit

  • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
    Filesize

    805KB

    MD5

    6aaad847b03f7cfc8d7f9921eea824a3

    SHA1

    a5d7ccc4073be97e449d04cf8c1f1b92d6c0347d

    SHA256

    da62aeabb0dea94bce3f3422b5c0c103f8444953bbf159a29b2ff1a750655bf3

    SHA512

    b7761bcb7d9a0d1ead451277fbf800a52db87b7f50d4f4a9e525379a60749414d7728bd7b0de6d26a112131ae0c27e4b9b1038458069387d5a43b5f16e387c3a

    Download Submit

  • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
    Filesize

    114KB

    MD5

    f472193a069289c680ba8ad641f5b68b

    SHA1

    1d56d060f9cd96e1748a27f4763329dbb976bea8

    SHA256

    cbcab713ff8aff29b9ffa1e54bfaf71977926f826aeb8fc676121105d0c1acc2

    SHA512

    a5b2f9bd46d757dd381f916d4de4511ea1a26dd94bd2574a02666b69acd22e0511c6d05dd5a2d4810313d2b02dfeb7a37eb542ed125e21fac5d183a78a78ac56

    Download Submit

  • C:\Windows\System32\alg.exe
    Filesize

    175KB

    MD5

    ec58380a78dd9e9732ec8e0fea750d1d

    SHA1

    027b3cdf09208ba4156ecce43c0c5c0335d99f68

    SHA256

    59a48a0b73afd3743366644b75800a5548248dbbfbbffb984b810f9e1dc210a7

    SHA512

    0364639c38d48b036363b99383c6ccfd428f932fa14d25985da785ab4448677b325c030cb45fa3b4abba9c7c9ba0a1a83a0fe531bcf7d29ce6d64a475cce1ebc

    Download Submit

  • memory/536-1-0x0000000002300000-0x0000000002367000-memory.dmp

    Filesize

    412KB

    Download

  • memory/536-7-0x0000000002300000-0x0000000002367000-memory.dmp

    Filesize

    412KB

    Download

  • memory/536-18-0x0000000000400000-0x00000000004B5000-memory.dmp

    Filesize

    724KB

    Download

  • memory/536-6-0x0000000002300000-0x0000000002367000-memory.dmp

    Filesize

    412KB

    Download

  • memory/536-0-0x0000000000400000-0x00000000004B5000-memory.dmp

    Filesize

    724KB

    Download

  • memory/1300-75-0x0000000000420000-0x0000000000480000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1300-68-0x0000000140000000-0x00000001400CF000-memory.dmp

    Filesize

    828KB

    Download

  • memory/1300-69-0x0000000000420000-0x0000000000480000-memory.dmp

    Filesize

    384KB

    Download

  • memory/1300-145-0x0000000140000000-0x00000001400CF000-memory.dmp

    Filesize

    828KB

    Download

  • memory/2096-48-0x00000000001A0000-0x0000000000200000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2096-76-0x0000000140000000-0x000000014022B000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2096-41-0x00000000001A0000-0x0000000000200000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2096-44-0x0000000140000000-0x000000014022B000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/2096-49-0x00000000001A0000-0x0000000000200000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2708-63-0x0000000002240000-0x00000000022A0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2708-53-0x0000000140000000-0x00000001400CA000-memory.dmp

    Filesize

    808KB

    Download

  • memory/2708-60-0x0000000002240000-0x00000000022A0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2708-54-0x0000000002240000-0x00000000022A0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2708-65-0x0000000140000000-0x00000001400CA000-memory.dmp

    Filesize

    808KB

    Download

  • memory/3264-37-0x0000000140000000-0x00000001400AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/3264-22-0x0000000000740000-0x00000000007A0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/3264-14-0x0000000140000000-0x00000001400AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/3264-13-0x0000000000740000-0x00000000007A0000-memory.dmp

    Filesize

    384KB

    Download

  • memory/4628-40-0x0000000140000000-0x0000000140237000-memory.dmp

    Filesize

    2.2MB

    Download

  • memory/4628-35-0x0000000000510000-0x0000000000570000-memory.dmp

    Filesize

    384KB

    Download

  • memory/4628-27-0x0000000000510000-0x0000000000570000-memory.dmp

    Filesize

    384KB

    Download

  • memory/4628-28-0x0000000140000000-0x0000000140237000-memory.dmp

    Filesize

    2.2MB

    Download