Analysis
-
max time kernel
3s -
max time network
125s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
11/01/2024, 01:30
General
-
Target
3cc50b9e1b80f6939109edce1fb14af0f4e8302817b6d5b715137486320a5894.exe
-
Size
1.6MB
-
MD5
f85366a5fe7e4a4d34bec24a0e73d378
-
SHA1
4b5ed756e3589d50bd59801a6bec91425f70e7c8
-
SHA256
3cc50b9e1b80f6939109edce1fb14af0f4e8302817b6d5b715137486320a5894
-
SHA512
9aec68324f10b1785e276ae187343eb6c833cffbe105a267d425b13080081897e6dfe79985bf8269d9d716d3023043027e8b57ba6bc497dd4613904386fa5b78
-
SSDEEP
12288:Kj9B+VZGt/sB1KcYmqgZvAMlUoUjG+YKtMfnkOeZb5JYiNAgAPh:Kj9B1t/sBlDqgZQd6XKtiMJYiPU
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 5 IoCs
-
Drops file in System32 directory 2 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3cc50b9e1b80f6939109edce1fb14af0f4e8302817b6d5b715137486320a5894.exe"C:\Users\Admin\AppData\Local\Temp\3cc50b9e1b80f6939109edce1fb14af0f4e8302817b6d5b715137486320a5894.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 916 920 928 8192 924 8962⤵
-
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"2⤵
-
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
412KB
-
Filesize
412KB
-
Filesize
1.6MB
-
Filesize
412KB
-
Filesize
1.6MB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
1.7MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.7MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
1.7MB
-
Filesize
1.7MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
1.9MB
-
Filesize
1.9MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
1.6MB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
4KB
-
Filesize
64KB
-
Filesize
64KB