eecd0f31567ec59f05f1ab63888b9c0fc82a7d22ae6c05013526e9e9b1859bcd

Analysis

max time kernel
180s
max time network
196s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eecd0f31567ec59f05f1ab63888b9c0fc82a7d22ae6c05013526e9e9b1859bcd.exe
Size

1.6MB
MD5

f40d4de5f30d771fe56e0e367935a266
SHA1

98326ba6e52770b90fc9966926ec882465808f48
SHA256

eecd0f31567ec59f05f1ab63888b9c0fc82a7d22ae6c05013526e9e9b1859bcd
SHA512

14b47d1bc028b5013ce1ef60ba224e8c4b26250c597730033f8f52989419acd043b76496438bc9f9dc78f670105f6e16997681bd0a65baf44769ee7529c8ad93
SSDEEP

24576:dF9B74tmWPJmW++N5+pQv2HDidvuX6nXfAd:dN4PJD++N5+pKsDidGAXf+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 6 IoCs

pid	Process
4384	alg.exe
3068	DiagnosticsHub.StandardCollector.Service.exe
456	elevation_service.exe
3588	elevation_service.exe
876	maintenanceservice.exe
5068	OSE.EXE

Drops file in System32 directory 7 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	eecd0f31567ec59f05f1ab63888b9c0fc82a7d22ae6c05013526e9e9b1859bcd.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\bb19ad8cc92b1ccd.bin	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\alg.exe	eecd0f31567ec59f05f1ab63888b9c0fc82a7d22ae6c05013526e9e9b1859bcd.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	eecd0f31567ec59f05f1ab63888b9c0fc82a7d22ae6c05013526e9e9b1859bcd.exe
File opened for modification	C:\Windows\system32\dllhost.exe	eecd0f31567ec59f05f1ab63888b9c0fc82a7d22ae6c05013526e9e9b1859bcd.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsgen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\uninstall.exe	DiagnosticsHub.StandardCollector.Service.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmiregistry.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\private_browsing.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jinfo.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\orbd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
672	Process not Found
672	Process not Found

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	404	eecd0f31567ec59f05f1ab63888b9c0fc82a7d22ae6c05013526e9e9b1859bcd.exe

C:\Users\Admin\AppData\Local\Temp\eecd0f31567ec59f05f1ab63888b9c0fc82a7d22ae6c05013526e9e9b1859bcd.exe
"C:\Users\Admin\AppData\Local\Temp\eecd0f31567ec59f05f1ab63888b9c0fc82a7d22ae6c05013526e9e9b1859bcd.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:404

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:4384

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
PID:3068

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:456

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:3588

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:876

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:5068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
32bb7cf09a466455fb2e3a6d5e259461

SHA1
20292223c350730bc09becd69c0ca998f3de0371

SHA256
9fabab6e8530c50b6dafe0c09203d47fab2933eecb7e1155d0d005ddfe945ca8

SHA512
1be492378fc6ba4fb56f87930d9bf05ba3a7b4a9a6db496e9343cdd01e6d9169819269157fe14219964a8e8c6d56ad6d262450816acafd66e6e9dbb1f4083fd3

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
1.7MB

MD5
2643c6bb312527cdbbeaa028215e1ba1

SHA1
903dfe8c711b963b81e2e33b83529c9014b42370

SHA256
19c23a50f65a83df67726eab953a8e618339cfbe952c252e1cd393b9e67913c5

SHA512
c1dd2a18b645db98b881e469325cb71206c8e3b88d8e379ff6f630c5bef185e583835ccf12bd8147ce4ed5d39390b4b326b62b07eb48c52aa940efbf85f769e8

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
1.7MB

MD5
cc448c1ff6775fd64c3438836e1096f4

SHA1
4b7a849a0fb5a78a0da2b90a6872ead1a44155bd

SHA256
f7991be260d052c11c8593eb257c0c2264444b48e3cbc7b5446c487f006665be

SHA512
a925975d510cb278f7b3b240b93bff25e8a67dd6ebd9f70f6c6c4746eac5d9d676178d5d59e7d95fafad6603cc91f674746e1125ef060f126471358c2068af0a

Download Submit
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

Filesize
2.1MB

MD5
06347bf07275ec9705b7283bd45d8012

SHA1
ee4c3423f5c7c59e25288f2aa80d4bbf7873505f

SHA256
ce7f12055f98496e1c97f6a3ce571c9b66dd25f9ad94222f0332b5bc494ade7e

SHA512
cf0c5625339ef2ac32bc0a09263995e7144e44088a4430b05602e119a638833c6f4e75187a9cb2759544a569b737bfa5d6df9da1cf2a9b2cdcd4d6709d5e71c5

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
1.6MB

MD5
338f5a7b8e9a55696092e60f29e4aa93

SHA1
b69c1cc5ac023512c43d647ccdb55c9400b90e98

SHA256
8654634d229fb9ad6bdbac0578c0a425474d0b6b5b36520e01271d6fcd1fb860

SHA512
c3c14e1202ea2a10102332c9957d556cfa752115897f987556565b75fde17e0db0f764caa719e3a45c17fdc966639ebda2581a930527b37ba0f56e84d13b42e2

Download Submit
C:\Windows\System32\alg.exe

Filesize
1.6MB

MD5
0fddda576853fb4d18695a157eaa0e22

SHA1
157a841c66040966980ee4ba02ef2ba6af9a783a

SHA256
5ad2b2d325e7ad4b2b882eb6daea4fe3f008393fac39614b20337b89d939a89e

SHA512
84304e6ccf20c3f6cecbb4752962f0751489800468922c3ec4c53be78c9de6d230b287d4758682d9e2bf6e14fd480d93a6afea98ea429339a68a46ed403c6d00

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
6cd584f52c2ac0dd896af2be9245c0c7

SHA1
64e8415bfb6d755d3cc11ce124947a99a26d016f

SHA256
a6931ff1e1de8481cf76a27c990a34e81ca995eeaba99abbebe02e44125b5e66

SHA512
b0a899c0d8f8013ab2c1c982f8e9dab659228e8798854db071ad63e5a631a6a55b1368230a9b48ac210d6917debbabb48f8b19bcdd4b6c81ac08f871d44dd8e5

Download Submit
memory/404-19-0x0000000000400000-0x00000000005AA000-memory.dmp

Filesize
1.7MB

Download
memory/404-0-0x0000000000400000-0x00000000005AA000-memory.dmp

Filesize
1.7MB

Download
memory/404-7-0x0000000002440000-0x00000000024A6000-memory.dmp

Filesize
408KB

Download
memory/404-6-0x0000000002440000-0x00000000024A6000-memory.dmp

Filesize
408KB

Download
memory/404-42-0x0000000000400000-0x00000000005AA000-memory.dmp

Filesize
1.7MB

Download
memory/404-1-0x0000000002440000-0x00000000024A6000-memory.dmp

Filesize
408KB

Download
memory/456-101-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/456-33-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/456-34-0x0000000000DA0000-0x0000000000E00000-memory.dmp

Filesize
384KB

Download
memory/456-40-0x0000000000DA0000-0x0000000000E00000-memory.dmp

Filesize
384KB

Download
memory/876-67-0x0000000001A50000-0x0000000001AB0000-memory.dmp

Filesize
384KB

Download
memory/876-58-0x0000000001A50000-0x0000000001AB0000-memory.dmp

Filesize
384KB

Download
memory/876-69-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/876-64-0x0000000001A50000-0x0000000001AB0000-memory.dmp

Filesize
384KB

Download
memory/876-57-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/3068-26-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/3068-22-0x0000000140000000-0x000000014019E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-89-0x0000000140000000-0x000000014019E000-memory.dmp

Filesize
1.6MB

Download
memory/3068-18-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/3068-27-0x00000000006A0000-0x0000000000700000-memory.dmp

Filesize
384KB

Download
memory/3588-46-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3588-45-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3588-52-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3588-53-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/3588-144-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/4384-80-0x0000000140000000-0x000000014019F000-memory.dmp

Filesize
1.6MB

Download
memory/4384-12-0x0000000140000000-0x000000014019F000-memory.dmp

Filesize
1.6MB

Download
memory/5068-73-0x0000000140000000-0x00000001401C5000-memory.dmp

Filesize
1.8MB

Download
memory/5068-72-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/5068-79-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/5068-154-0x0000000140000000-0x00000001401C5000-memory.dmp

Filesize
1.8MB

Download