3bb50696fc2f55a72ec8863a5d3933d03057aed8acf2bde5f8ccd000dac0a480

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
15-01-2024 04:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bb50696fc2f55a72ec8863a5d3933d03057aed8acf2bde5f8ccd000dac0a480.exe
Size

1.3MB
MD5

7f1f9bf38d4788eff998fe8c6807cc77
SHA1

791c5653e7d198f009e8f8d49e487895e32857f9
SHA256

3bb50696fc2f55a72ec8863a5d3933d03057aed8acf2bde5f8ccd000dac0a480
SHA512

34ba5eba0a2e94ff674c2568399010819e1a698989ce75e742e557f218729da0d4a6e0ef6df3bac54042a3fe77826ae4c57f138f3647c03c8f39f93726b8932f
SSDEEP

24576:R/CKABcaHsK+fM2jEaNZBqoeW7V6tGLfHtqls+0:RaKkcksDM2jh3BqS7YtGL/Als

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3204	alg.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	3bb50696fc2f55a72ec8863a5d3933d03057aed8acf2bde5f8ccd000dac0a480.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3116	3bb50696fc2f55a72ec8863a5d3933d03057aed8acf2bde5f8ccd000dac0a480.exe
Token: SeManageVolumePrivilege	3888	svchost.exe

C:\Users\Admin\AppData\Local\Temp\3bb50696fc2f55a72ec8863a5d3933d03057aed8acf2bde5f8ccd000dac0a480.exe
"C:\Users\Admin\AppData\Local\Temp\3bb50696fc2f55a72ec8863a5d3933d03057aed8acf2bde5f8ccd000dac0a480.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:3116

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:3204

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:5076

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3888

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\alg.exe

Filesize
92KB

MD5
0f859d0912109ac77cf5ce6469c724f1

SHA1
99c033e56f6d0c6f0149c4a1fce1076fc2b8612d

SHA256
8540748ec4a04042784a7c65f6c42bddb2539fa2d4ca1263bf331ed2e5e6975a

SHA512
fc7e720062230a19d79f0fcf2fbbb61e14c98ad36564ca72130ad513ac9e219dc0899744ff63075dccbe354a8d8d0062d96125fc2ce34375f7e8c1d2b1c0a155

Download Submit
memory/3116-6-0x0000000002450000-0x00000000024B7000-memory.dmp

Filesize
412KB

Download
memory/3116-7-0x0000000002450000-0x00000000024B7000-memory.dmp

Filesize
412KB

Download
memory/3116-0-0x0000000000400000-0x00000000005F7000-memory.dmp

Filesize
2.0MB

Download
memory/3116-13-0x0000000000400000-0x00000000005F7000-memory.dmp

Filesize
2.0MB

Download
memory/3116-1-0x0000000002450000-0x00000000024B7000-memory.dmp

Filesize
412KB

Download
memory/3204-15-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/3204-16-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/3888-17-0x000001C302840000-0x000001C302850000-memory.dmp

Filesize
64KB

Download
memory/3888-33-0x000001C302940000-0x000001C302950000-memory.dmp

Filesize
64KB

Download
memory/3888-49-0x000001C30AC40000-0x000001C30AC41000-memory.dmp

Filesize
4KB

Download
memory/3888-51-0x000001C30AC70000-0x000001C30AC71000-memory.dmp

Filesize
4KB

Download
memory/3888-52-0x000001C30AC70000-0x000001C30AC71000-memory.dmp

Filesize
4KB

Download
memory/3888-53-0x000001C30AD80000-0x000001C30AD81000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads