Overview

overview

10

Static

static

3

bb73703213...a0.exe

windows7-x64

7

bb73703213...a0.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 15:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bb737032137078185195465cdfe7c9d864d5af6105952112a04359f02b286aa0.exe

  • Size

    1.1MB

  • MD5

    c9ebd15d274183485c36bf5f08624bc5

  • SHA1

    33130d5d3c1d8414fc2ec1773ac9d49cc8e0a589

  • SHA256

    bb737032137078185195465cdfe7c9d864d5af6105952112a04359f02b286aa0

  • SHA512

    ee3a0436d6548cb3c79e4b7bfd0e4c62011002adec2c8a0c1302c39f78f45ebf0ff24646058c8da6ffafb40269caab2c52b81f091cb588ff57b46a9a14dcf4bc

  • SSDEEP

    24576:uxR3RFMeR1Ei1iQiYWLg77R0uSF+5JwXgb1081v3iYYKLJxNk:O7R1Eui2Z77R0JF+bmgb1+cxC

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bb737032137078185195465cdfe7c9d864d5af6105952112a04359f02b286aa0.exe
    "C:\Users\Admin\AppData\Local\Temp\bb737032137078185195465cdfe7c9d864d5af6105952112a04359f02b286aa0.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2040
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 360
      2⤵
      • Program crash
      PID:2036
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:2680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\System32\alg.exe
    Filesize

    644KB

    MD5

    190ae049cc1667eab04ded3b85ed84ff

    SHA1

    332d0cac36a4ab4e2065780170d3d1b500e595c9

    SHA256

    6ef9f92b38ad7efd99fa1f485302e9f93fa93948a27bf6a55985dc6192131e42

    SHA512

    a295b5446f01581a514a07ece7526bf8544989594408af40d012b96b4e4c7ecbc086b99b4c380d86401576caa92846936c8cbe31e22c5ec851a787846f2ff441

    Download Submit
  • memory/2040-0-0x0000000000400000-0x0000000000519000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2040-1-0x0000000000670000-0x00000000006D7000-memory.dmp
    Filesize

    412KB

    Download
  • memory/2040-7-0x0000000000670000-0x00000000006D7000-memory.dmp
    Filesize

    412KB

    Download
  • memory/2040-15-0x0000000000400000-0x0000000000519000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2680-13-0x0000000100000000-0x00000001000A4000-memory.dmp
    Filesize

    656KB

    Download
  • memory/2680-16-0x0000000100000000-0x00000001000A4000-memory.dmp
    Filesize

    656KB

    Download