Overview

overview

10

Static

static

3

26d4800081...d8.exe

windows7-x64

7

26d4800081...d8.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    119s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25-01-2024 16:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8.exe

  • Size

    598KB

  • MD5

    c3b5d72db79281a010c211e101e00984

  • SHA1

    f8f583a3ba99f851d1b741bebdbd2cfb5d67b9d7

  • SHA256

    26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8

  • SHA512

    fa9c3605fe7d0341d6a250bebee692159bc19d8381f91e999f20ee03e96a5cbd5dfe6edc5c482b5903155fd17918da330b008ac508a872fc455d505f9c638e1b

  • SSDEEP

    12288:HV+iSF+5v9vsb+zpwYcUutCDb4QK608Badqv31NUdYYKYAJxgy+Hwjq:HnSF+5JwXgb1081v3iYYKLJxNk

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8.exe
    "C:\Users\Admin\AppData\Local\Temp\26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:2172
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:2456

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Windows\System32\alg.exe
    Filesize

    644KB

    MD5

    b54c1c782aa931c97e1d712eba3e3939

    SHA1

    0c9a2ab2068ec2de16f1fc3be88a70357ac9474b

    SHA256

    3bd6041848b6406e9760d994b511905a90c8313a42f4236368cb8a479c800a98

    SHA512

    fefc34be8da686815b9bd5454d9c9fbbf4a7685ffa41182bcb6f2aba50ca9145cb9537bb6bf73926b682061d33dd9e577ef63683813ac1e303564f83c7704eae

    Download Submit
  • memory/2172-0-0x0000000140000000-0x0000000140099000-memory.dmp
    Filesize

    612KB

    Download
  • memory/2172-1-0x0000000001C90000-0x0000000001CF0000-memory.dmp
    Filesize

    384KB

    Download
  • memory/2172-7-0x0000000001C90000-0x0000000001CF0000-memory.dmp
    Filesize

    384KB

    Download
  • memory/2172-11-0x0000000001C90000-0x0000000001CF0000-memory.dmp
    Filesize

    384KB

    Download
  • memory/2172-15-0x0000000140000000-0x0000000140099000-memory.dmp
    Filesize

    612KB

    Download
  • memory/2456-16-0x0000000100000000-0x00000001000A4000-memory.dmp
    Filesize

    656KB

    Download
  • memory/2456-17-0x0000000100000000-0x00000001000A4000-memory.dmp
    Filesize

    656KB

    Download