Analysis
-
max time kernel
2s -
max time network
107s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
11/01/2024, 03:31
General
-
Target
9c0cb98d0868ebb049a558bbbb5580ed2197a48d89f9447cc5cd5c5594b02c8e.exe
-
Size
1.3MB
-
MD5
53f8d96e2eee062de17935d6fd019e95
-
SHA1
7dfa02009cdfb02bd839004e569083e1eed04366
-
SHA256
9c0cb98d0868ebb049a558bbbb5580ed2197a48d89f9447cc5cd5c5594b02c8e
-
SHA512
838ad938503229674902c76392888635747f474c753cd74fbab65daf27b0d33c86670a2b10bdeb225207849bd515c1bcb55bb4f263ddadf996e54e6904e14acd
-
SSDEEP
12288:1f9B+VPGt/sB1KcYmqgZvAMlUoUjG+YKtMfnkOeZb5JYiNAgAPh:1f9BHt/sBlDqgZQd6XKtiMJYiPU
Malware Config
Signatures
-
Executes dropped EXE 5 IoCs
-
Drops file in System32 directory 2 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9c0cb98d0868ebb049a558bbbb5580ed2197a48d89f9447cc5cd5c5594b02c8e.exe"C:\Users\Admin\AppData\Local\Temp\9c0cb98d0868ebb049a558bbbb5580ed2197a48d89f9447cc5cd5c5594b02c8e.exe"1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\alg.exeC:\Windows\System32\alg.exe1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
-
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"1⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"1⤵
- Executes dropped EXE
-
\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"1⤵
- Executes dropped EXE
-
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exeC:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe1⤵
-
C:\Windows\system32\fxssvc.exeC:\Windows\system32\fxssvc.exe1⤵
-
C:\Windows\System32\msdtc.exeC:\Windows\System32\msdtc.exe1⤵
-
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exeC:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe1⤵
-
C:\Windows\SysWow64\perfhost.exeC:\Windows\SysWow64\perfhost.exe1⤵
-
C:\Windows\System32\snmptrap.exeC:\Windows\System32\snmptrap.exe1⤵
-
C:\Windows\system32\AgentService.exeC:\Windows\system32\AgentService.exe1⤵
-
C:\Windows\system32\wbem\WmiApSrv.exeC:\Windows\system32\wbem\WmiApSrv.exe1⤵
-
C:\Windows\system32\SearchFilterHost.exe"C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 8961⤵
-
C:\Windows\system32\SearchProtocolHost.exe"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"1⤵
-
C:\Windows\system32\SearchIndexer.exeC:\Windows\system32\SearchIndexer.exe /Embedding1⤵
-
C:\Windows\system32\wbengine.exe"C:\Windows\system32\wbengine.exe"1⤵
-
C:\Windows\system32\vssvc.exeC:\Windows\system32\vssvc.exe1⤵
-
C:\Windows\System32\vds.exeC:\Windows\System32\vds.exe1⤵
-
C:\Windows\system32\TieringEngineService.exeC:\Windows\system32\TieringEngineService.exe1⤵
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc1⤵
-
C:\Windows\System32\OpenSSH\ssh-agent.exeC:\Windows\System32\OpenSSH\ssh-agent.exe1⤵
-
C:\Windows\system32\spectrum.exeC:\Windows\system32\spectrum.exe1⤵
-
C:\Windows\System32\SensorDataService.exeC:\Windows\System32\SensorDataService.exe1⤵
-
C:\Windows\system32\locator.exeC:\Windows\system32\locator.exe1⤵
-
C:\Windows\System32\svchost.exeC:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD5c4e50b6a3d7e59693fc0259ff3b548ce
SHA16175a7451a179ab4b263aee66932ea33f70054a6
SHA2568f85d507c9fad4965c1bd24eec40f5393abb7ea059f4bfecad8156faba46a06b
SHA512bf2d1f5aba567bcc0e611a94bb99c33eef8e95589831a1fb43cb90da000e95de7bbb306e2da1466d95811f1f326fbc3fecf6c6576359d0bf9f1ee574ec0aecd9
-
Filesize
92KB
MD5a1d5e796afae1d9d3f51a07e6a7884de
SHA1596938bf3602d7435894a34db3421d6a0252b2d8
SHA256e23c1cb7f420139f120be3346e32153426d3121c8f8075b41bbffc2d38e3dbdb
SHA5127a01881ee154efd0d80f8292c3f2aaebb9abef3ae041f3660959e7f9106e1cd4d2cd777f05f9c86726c63509590682f1a81c582ba33b589d93264dc79c1677af
-
Filesize
381KB
MD5ff7bea4b9701ec6925f0dbe12ee11ead
SHA13088519149724eac3112fca0b466c5e00cd0b66c
SHA2565ab124c5bf3cbcddf2542f811034ad14db01f77adee52de2706ff104e42e794e
SHA512b96499cd476e22398c594dc36386225f7cfbc61148389a4b3ee4ea3bac0fa5ddfa794f22628e5698254a3e404ef251a1bd4ee36fe99e7a200598e80e2fbd5b98
-
Filesize
1.2MB
MD58db1ce6c1f495b16319fd8ae09bf48c1
SHA18f24f3b6d5f9c905a56b1315fb579e249da11e76
SHA2569c7a5ac0eb818739f66fed0d78afd0d8adaf665c4c5f653d7fabb3aa7d0d45f8
SHA512078881382a96b8b220eba748f8c066880e99047e97d318c34daf00af5b57cc08361e3d6c0aca78573d034514468e682ae46c29fc21527ad928c09caf848e7631
-
Filesize
411KB
MD5770a27d06c5e66254bf39452ebc21693
SHA1adf8e553999125d33f94af125c4027e1764c10b2
SHA25641156813c4ad98c820f1ba2e24b09525e097724d15103b699034d6f8034346d2
SHA512a10375c5b205e11ba8d5a52c47e887579bb74cbfad58fb7fd320bcc8f788f07b7bdd429746305a70d77e5a5f0efba7f3ac9fad98d0fa0adbe7db2cf2b9a3eb90
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
2.2MB
-
Filesize
2.2MB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
412KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
1.5MB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
2.1MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
2.0MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.2MB
-
Filesize
1.2MB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
1.5MB
-
Filesize
384KB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
1.8MB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
384KB
-
Filesize
384KB
-
Filesize
1.4MB
-
Filesize
1.4MB
-
Filesize
1.6MB
-
Filesize
384KB
-
Filesize
1.6MB
-
Filesize
412KB
-
Filesize
1.3MB
-
Filesize
412KB
-
Filesize
412KB
-
Filesize
1.3MB
-
Filesize
64KB
-
Filesize
64KB
-
Filesize
64KB