e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 12:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
Size

1.8MB
MD5

d8d9f5fdb903db649eb3dbb6e98dc43d
SHA1

893f2a05fd4bf28417742be84f47884abc09fd53
SHA256

e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5
SHA512

0bb817f2c5bc63dcc966c22032bd9cce9932e136907fdc78ba854e24ac79d553326bb22221f70e468155662ff2820eb5563ce1f49a794263a82f39889fea9d8b
SSDEEP

49152:EKJ0WR7AFPyyiSruXKpk3WFDL9zxnSFw7x03jY0a:EKlBAFPydSS6W6X9lnSw7izY0a

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
472	Process not Found
2816	alg.exe
2600	aspnet_state.exe

Loads dropped DLL 1 IoCs

pid	Process
472	Process not Found

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_ar.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_bg.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_hu.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_id.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_ml.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\GoogleUpdateComRegisterShell64.exe	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_da.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_lv.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_sr.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_zh-CN.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_en-GB.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_tr.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\psmachine.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_sl.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_ca.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_gu.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_it.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_bn.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_sv.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_pt-PT.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_sk.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\GoogleUpdate.exe	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\GoogleUpdateBroker.exe	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_hi.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_ko.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_ms.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_pt-BR.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdate.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_et.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_fr.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_kn.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_zh-TW.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\psmachine_64.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_am.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_fa.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_ja.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_th.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\GoogleCrashHandler.exe	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\GoogleUpdateOnDemand.exe	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\GoogleCrashHandler64.exe	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_no.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File opened for modification	C:\Program Files (x86)\Google\Temp\GUT74F2.tmp	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\psuser_64.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_de.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_hr.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File opened for modification	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\GoogleUpdateSetup.exe	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_en.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_is.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_ro.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_ru.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_te.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\GoogleUpdateSetup.exe	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_el.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_fi.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_mr.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_ta.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\psuser.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_pl.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_vi.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\GoogleUpdateCore.exe	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_cs.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_es-419.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_iw.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
File created	C:\Program Files (x86)\Google\Temp\GUM74F1.tmp\goopdateres_lt.dll	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2772	e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe

C:\Users\Admin\AppData\Local\Temp\e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe
"C:\Users\Admin\AppData\Local\Temp\e0aaddf09edd7f4f4bce8a6cd2f906dcc294059c43638d9e26322eff8b7b44d5.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:2772

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:2816

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
1⤵
- Executes dropped EXE
PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

Filesize
603KB

MD5
4cdedad0915257384f63d75c5f2abab7

SHA1
5fd87eb27f766e17dc5208cf4c69293f55882dd7

SHA256
ef6934b13b8ee69ffd73c4b02ad65a391e9a1b52b9e171f7f8346d2d4176749e

SHA512
2b570a9bb38d33ffaac56846fe24d2ca6aaf49f65a631a161bdb3ce29d13ca52c7c3cbc52869a29ed0cdf8ab4afd8f6cc59980282e19a9c9d36d0a5516e5d2e8

Download Submit
\Windows\System32\alg.exe

Filesize
644KB

MD5
390668176d6adeb15b94f62ef1aff5df

SHA1
b096fe69e7b1b1af6a2b237bb58f5ce0253b0038

SHA256
d3d5fc29fd71625e21f87a4ecfb786b76de222b03613b2ccd1217d01ddf5e905

SHA512
4733260fff58f5cb8c4b1d8c85f1c445af242af18fda1178df6d3ed6ccff5a72f721f273b5abd9237b97bd6d62da637898ce9dba6a755bcedd8e8c5ca7b679dc

Download Submit
memory/2600-53-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/2600-86-0x0000000000DD0000-0x0000000000E30000-memory.dmp

Filesize
384KB

Download
memory/2600-163-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/2772-0-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/2772-1-0x00000000005E0000-0x0000000000647000-memory.dmp

Filesize
412KB

Download
memory/2772-7-0x00000000005E0000-0x0000000000647000-memory.dmp

Filesize
412KB

Download
memory/2772-161-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/2816-24-0x0000000100000000-0x00000001000A4000-memory.dmp

Filesize
656KB

Download
memory/2816-162-0x0000000100000000-0x00000001000A4000-memory.dmp

Filesize
656KB

Download