7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466

Analysis

max time kernel
191s
max time network
222s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
Size

1.8MB
MD5

7c47c8b19e9fab196be5ad4153a627b7
SHA1

e92e5f3e325a12aa5197a79f25beb9565bcc9dbc
SHA256

7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466
SHA512

682bb96ac47681d3166d9482cd3dc34a841567867397060503e63d120ece07a63f93477405603564597d3d1e3a7040c9c38a406e23082b078419a42bac96e537
SSDEEP

49152:+x5SUW/cxUitIGLsF0nb+tJVYleAMz77+WA0/snji6attJM:+vbjVkjjCAzJVEnW6at

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
468	Process not Found
1984	alg.exe
2320	aspnet_state.exe
3044	mscorsvw.exe

Loads dropped DLL 1 IoCs

pid	Process
468	Process not Found

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\37f84fa93f41c52b.bin	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Google\Temp\GUT83B2.tmp	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_mr.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\GoogleUpdateCore.exe	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_fa.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_gu.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_ta.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdate.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\GoogleUpdateBroker.exe	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_sw.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_ar.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_sv.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_tr.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_el.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_et.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_pt-BR.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\psuser.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_cs.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_de.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_pl.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_es.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_iw.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_no.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_kn.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_th.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\GoogleUpdateOnDemand.exe	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\psmachine.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_ja.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_bg.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_en-GB.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\GoogleUpdate.exe	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\psuser_64.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_am.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_lv.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_ru.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_ur.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\GoogleCrashHandler64.exe	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_ca.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_it.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_vi.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\GoogleUpdateSetup.exe	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_en.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_es-419.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_hi.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File opened for modification	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\GoogleUpdateSetup.exe	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_lt.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_ro.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_sk.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_sr.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\psmachine_64.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_ms.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_pt-PT.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_te.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_fr.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_id.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_nl.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_uk.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_zh-CN.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_da.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_is.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_ko.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_sl.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_zh-TW.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\GoogleCrashHandler.exe	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File created	C:\Program Files (x86)\Google\Temp\GUM83B1.tmp\goopdateres_bn.dll	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe	alg.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe	alg.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2532	7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe

C:\Users\Admin\AppData\Local\Temp\7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe
"C:\Users\Admin\AppData\Local\Temp\7442bcbe21708e25ad7a9f3b68cb9d7821427bf19d57b46a1c3aedab85b94466.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2532

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:1984

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
1⤵
- Executes dropped EXE
PID:2320

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
1⤵
- Executes dropped EXE
PID:3044

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

Filesize
1.2MB

MD5
b22e0f0149d29049c948f6eb603bf61c

SHA1
41eda77a6c33f6c614ced5027d5f6394deadaf8d

SHA256
359fe3b38f4320b3f56c2efa85687735ce934c244a2496f4707126f536687d0b

SHA512
04362530fd2c485cd91d4f45aaac2c78cfc29c1f9e11c8df0e0074ac44d86fb8dbe1983a0526e6ba52bd422d9e5fe7c278d40884ec3a0c6ed0ee2ec3ea0cfb2f

Download Submit
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

Filesize
243KB

MD5
b788ccf3e06fdc141e71472ede7a5358

SHA1
5375563673a3cbfaac697da3c403ea51052f8dba

SHA256
c7f2ec2f03400e6d817a036db852db02d03346d03f689b5ce1e2c664449905ec

SHA512
09d1bb99204cb7fb3a1aa5422bec14ba2af63c1502483c37752c2a39b3226246b6ec16d14bfcd390f161875031c0ac949d19bb69803ebde022b21901e5668ab4

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.1MB

MD5
e4e4a7fa855ab124a1e478685de0ef85

SHA1
506bbd80734520f54a4ac7b4e1922570a0ae8d19

SHA256
d26dceb2f280e218de33dc45926650e90c756f679e6c3be05b2dd3a8f422445a

SHA512
9ff4cea46dc6494af1ddf76f43929c6b3678dada97fb41370d0e5e9380b911462d50c8e7b1004c9c57d0b0efc487aa57ed82a0a34346a82fef4b596f24eceae3

Download Submit
\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

Filesize
1.2MB

MD5
40a249cbaee8e8e8e1ace5095adf0fcf

SHA1
88c52bce67f79135b41faf2b7ee70cd1f33f3f40

SHA256
b6bcc2ad9ca142f15c56edcca96bc05d3101fe6b89d88f7f619e922f188e25b1

SHA512
e0dd1bba9572ed6217310e9cfc94f7005c823d917d9874dac9bab733e68f7b2773466c8a8a3a729cb8bc0d09fa183913819d4fb35928b2d228a368ce906ccc10

Download Submit
\Windows\System32\alg.exe

Filesize
1.3MB

MD5
393322ff9bf2f5b4030aa8fe05cb7a6a

SHA1
1369e1926743cd597fbe6658e767b982f60b9924

SHA256
46c306bf038b0119ecd4b727d7e80ae8e7041a92a2da30fc85f64ea264e27e80

SHA512
71900c3358369fd8e6a2e39a603f64d200663b9e72cc0281752c1a0efdb79c070dc00b45d830b411c307aee513d22dc023a044d2a570377e3de5b4d193d416d5

Download Submit
memory/1984-55-0x0000000000870000-0x00000000008D0000-memory.dmp

Filesize
384KB

Download
memory/1984-67-0x0000000100000000-0x0000000100145000-memory.dmp

Filesize
1.3MB

Download
memory/1984-47-0x0000000100000000-0x0000000100145000-memory.dmp

Filesize
1.3MB

Download
memory/1984-46-0x0000000000870000-0x00000000008D0000-memory.dmp

Filesize
384KB

Download
memory/2320-97-0x0000000140000000-0x000000014013E000-memory.dmp

Filesize
1.2MB

Download
memory/2320-172-0x0000000140000000-0x000000014013E000-memory.dmp

Filesize
1.2MB

Download
memory/2532-14-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/2532-6-0x0000000001E10000-0x0000000001E77000-memory.dmp

Filesize
412KB

Download
memory/2532-0-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/2532-171-0x0000000000400000-0x00000000005D4000-memory.dmp

Filesize
1.8MB

Download
memory/2532-7-0x0000000001E10000-0x0000000001E77000-memory.dmp

Filesize
412KB

Download
memory/2532-1-0x0000000001E10000-0x0000000001E77000-memory.dmp

Filesize
412KB

Download