Analysis

max time kernel: 139s
max time network: 149s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-01-2024 15:42

Static task: static1 (1 signatures)

Behavioral task: behavioral1
Sample: af613955ea410d7fe0e9c2f1e89f9e8b5cc20e58bc49442088002f8590ff0bd2.exe
Resource: win7-20231215-en (windows7-x64)
0 signatures, 150 seconds

Note: the analysis header reports the win10v2004-20231215-en resource, while the only behavioral task listed on this page ran on win7-20231215-en. The page does not show which task the header and the signatures below belong to, so treat the platform as unconfirmed when reproducing the run.
General

Target: af613955ea410d7fe0e9c2f1e89f9e8b5cc20e58bc49442088002f8590ff0bd2.exe
Size: 807KB
MD5: 787e35ab33ff801b3025ca18ff22a345
SHA1: 508647eecdd6c9f57eb65451d374a7144279ccb0
SHA256: af613955ea410d7fe0e9c2f1e89f9e8b5cc20e58bc49442088002f8590ff0bd2
SHA512: e83f0cbd4679ba869427c018e274e2903a2594dea4581630ef5a37765d7924e4e6173da642bb84add623d3bea993e4d87247df5940e5c29eb9d1d588ea13446d
SSDEEP: 24576:+S0JJ07jSF+5JwXgb1081v3iYYKLJxNk:+Sk+CF+bmgb1+cxC
Malware Config
Signatures

Drops file in System32 directory (1 IoC)
Processes:
  description: File opened for modification
  ioc: C:\Windows\System32\alg.exe
  process: af613955ea410d7fe0e9c2f1e89f9e8b5cc20e58bc49442088002f8590ff0bd2.exe

Suspicious use of AdjustPrivilegeToken (1 IoC)
Processes:
  description: Token: SeTakeOwnershipPrivilege
  pid: 1248
  process: af613955ea410d7fe0e9c2f1e89f9e8b5cc20e58bc49442088002f8590ff0bd2.exe

Read together, these two hits are more telling than either alone. alg.exe is the Application Layer Gateway service binary; on a default install it is owned by TrustedInstaller and not writable even by administrators. Enabling SeTakeOwnershipPrivilege is the standard way for an administrator-level process to take ownership of such a file and then grant itself write access, so "open for modification" on a System32 service binary right after that privilege is enabled is the usual prelude to replacing the binary. The report only records the open, not a completed write; whether alg.exe was actually overwritten cannot be determined from this page.
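The following is an added example, not code from the sandbox or from this report: detection logic for the two behaviours flagged above, correlated per process so that the privilege change and the System32 write reinforce each other. The event shape (pid/image/kind/target/access) is an assumption modelled loosely on Sysmon-style telemetry, not the sandbox's export format; the sample events are constructed to mirror the report's IOCs (pid 1248, SeTakeOwnershipPrivilege, C:\Windows\System32\alg.exe), plus ordinary activity that must not fire.

```python
"""Added example (not part of the sandbox report): correlate a sensitive
privilege being enabled with a write-intent open under System32.

Event fields are an assumed, Sysmon-like shape, not the sandbox's format.
"""
from dataclasses import dataclass, field
from typing import Dict, List

# Directories where a user-launched, unsigned process has no business writing.
PROTECTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")

# Access-mask names that imply the caller intends to change the file.
WRITE_ACCESS = ("GENERIC_WRITE", "GENERIC_ALL", "FILE_WRITE_DATA",
                "FILE_APPEND_DATA", "DELETE", "WRITE_DAC", "WRITE_OWNER")

# Privileges whose enablement by an ordinary process deserves attention.
SENSITIVE_PRIVS = {"SeTakeOwnershipPrivilege", "SeRestorePrivilege",
                   "SeBackupPrivilege", "SeDebugPrivilege", "SeLoadDriverPrivilege"}


@dataclass(frozen=True)
class Event:
    pid: int
    image: str
    kind: str            # "file_open" or "token_adjust" (assumed event kinds)
    target: str          # file path for file_open, privilege name for token_adjust
    access: str = ""     # requested access for file_open, e.g. "GENERIC_READ|GENERIC_WRITE"


@dataclass
class Finding:
    image: str
    system32_writes: List[str] = field(default_factory=list)
    privileges: List[str] = field(default_factory=list)

    @property
    def severity(self) -> str:
        # Taking ownership *and* opening a protected file for write is the
        # classic sequence for overwriting a TrustedInstaller-owned binary.
        if self.system32_writes and "SeTakeOwnershipPrivilege" in self.privileges:
            return "high"
        if self.system32_writes or self.privileges:
            return "medium"
        return "none"


def is_protected_write(ev: Event) -> bool:
    """True if ev opens a file under a protected directory with write intent."""
    if ev.kind != "file_open":
        return False
    path = ev.target.replace("/", "\\").lower()
    in_protected = any(path.startswith(d + "\\") for d in PROTECTED_DIRS)
    wants_write = any(flag in ev.access.upper() for flag in WRITE_ACCESS)
    return in_protected and wants_write


def evaluate(events) -> Dict[int, Finding]:
    """Group hits per pid so the two signatures can be scored together."""
    findings: Dict[int, Finding] = {}
    for ev in events:
        f = findings.setdefault(ev.pid, Finding(image=ev.image))
        if is_protected_write(ev):
            f.system32_writes.append(ev.target)
        elif ev.kind == "token_adjust" and ev.target in SENSITIVE_PRIVS:
            f.privileges.append(ev.target)
    return findings


SAMPLE = "af613955ea410d7fe0e9c2f1e89f9e8b5cc20e58bc49442088002f8590ff0bd2.exe"

# Constructed events: the first two reproduce the report's IOCs, the rest are
# benign activity (a read of a System32 file, a write outside System32).
SAMPLE_EVENTS = [
    Event(1248, SAMPLE, "token_adjust", "SeTakeOwnershipPrivilege"),
    Event(1248, SAMPLE, "file_open", r"C:\Windows\System32\alg.exe", "GENERIC_READ|GENERIC_WRITE"),
    Event(5120, r"C:\Windows\notepad.exe", "file_open", r"C:\Windows\System32\drivers\etc\hosts", "GENERIC_READ"),
    Event(5120, r"C:\Windows\notepad.exe", "file_open", r"C:\Users\user\Desktop\notes.txt", "GENERIC_WRITE"),
]

if __name__ == "__main__":
    for pid, f in evaluate(SAMPLE_EVENTS).items():
        print(f"pid {pid} ({f.image}): {f.severity} writes={f.system32_writes} privs={f.privileges}")
```

Correlating per pid is the point: a lone SeTakeOwnershipPrivilege enable is common in installers and admin tooling, and a lone write under System32 is common for updaters, but the pair from one unsigned process is rare enough to page on.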
Processes
Network
MITRE ATT&CK Matrix
Downloads
memory/1248-0-0x0000000140000000-0x00000001400CF000-memory.dmp   828KB
memory/1248-1-0x00000000020F0000-0x0000000002150000-memory.dmp   384KB
memory/1248-7-0x00000000020F0000-0x0000000002150000-memory.dmp   384KB
memory/1248-8-0x00000000020F0000-0x0000000002150000-memory.dmp   384KB
memory/1248-10-0x00000000020F0000-0x0000000002150000-memory.dmp  384KB
memory/1248-12-0x0000000140000000-0x00000001400CF000-memory.dmp  828KB

The six dumps cover only two regions of pid 1248. The 828KB region at 0x140000000 is the main image (0x140000000 is the default image base for 64-bit PE files, and 0xCF000 bytes is what the 807KB file on disk occupies once its sections are aligned in memory); it was dumped at indices 0 and 12, i.e. at the start and end of the run. The 384KB region at 0x20F0000 lies outside the image and was dumped four times (indices 1, 7, 8 and 10), which is what the sandbox does when it sees the same allocation change between scans. Diffing those four dumps is the quickest way to see what the process was writing there.
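An added example, not part of the report or of the sandbox's tooling: a parser for the dump names listed above that recovers each region's bounds and size and groups repeated dumps of the same region. The naming convention memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp is read off the entries on this page; treating it as a general rule for every report is an assumption.

```python
"""Added example (not part of the sandbox report): parse memory-dump names of
the form memory/<pid>-<index>-0x<start>-0x<end>-memory.dmp (convention read
off this page; assumed to hold generally) and summarise the regions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Default image base the MSVC linker assigns to 64-bit executables.
X64_DEFAULT_IMAGE_BASE = 0x140000000

DUMP_NAME = re.compile(
    r"^memory/(?P<pid>\d+)-(?P<index>\d+)-0x(?P<start>[0-9a-fA-F]+)"
    r"-0x(?P<end>[0-9a-fA-F]+)-memory\.dmp$")


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    index: int
    start: int
    end: int

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def size_kib(self) -> int:
        return self.size // 1024

    @property
    def looks_like_main_image(self) -> bool:
        return self.start == X64_DEFAULT_IMAGE_BASE


def parse_dump_name(name: str) -> DumpRegion:
    m = DUMP_NAME.match(name)
    if not m:
        raise ValueError(f"not a dump name: {name!r}")
    start, end = int(m["start"], 16), int(m["end"], 16)
    if end <= start:
        raise ValueError(f"empty or inverted region in {name!r}")
    return DumpRegion(int(m["pid"]), int(m["index"]), start, end)


def group_regions(names) -> Dict[Tuple[int, int, int], List[int]]:
    """Map (pid, start, end) -> sorted dump indices, so repeated dumps of one
    region (re-scans after the process changed it) become visible."""
    groups: Dict[Tuple[int, int, int], List[int]] = defaultdict(list)
    for r in map(parse_dump_name, names):
        groups[(r.pid, r.start, r.end)].append(r.index)
    return {k: sorted(v) for k, v in groups.items()}


# The six entries from this report.
REPORT_DUMPS = [
    "memory/1248-0-0x0000000140000000-0x00000001400CF000-memory.dmp",
    "memory/1248-1-0x00000000020F0000-0x0000000002150000-memory.dmp",
    "memory/1248-7-0x00000000020F0000-0x0000000002150000-memory.dmp",
    "memory/1248-8-0x00000000020F0000-0x0000000002150000-memory.dmp",
    "memory/1248-10-0x00000000020F0000-0x0000000002150000-memory.dmp",
    "memory/1248-12-0x0000000140000000-0x00000001400CF000-memory.dmp",
]

if __name__ == "__main__":
    for (pid, start, end), idxs in group_regions(REPORT_DUMPS).items():
        r = DumpRegion(pid, idxs[0], start, end)
        tag = "main image" if r.looks_like_main_image else "other"
        print(f"pid {pid} {start:#x}-{end:#x} {r.size_kib}KB {tag} dumped at {idxs}")
```

The size check is the useful part when triaging a report whose "Filesize" column is missing or truncated: the region bounds in the name are authoritative, and a region at the default x64 image base whose size matches the aligned on-disk image is almost always the primary module rather than an injected or unpacked payload.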