Analysis
- max time kernel: 119s
- max time network: 122s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25-01-2024 16:03
Static task: static1
Behavioral task: behavioral1
Sample: 26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8.exe
Resource: win7-20231215-en
General
- Target: 26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8.exe
- Size: 598KB
- MD5: c3b5d72db79281a010c211e101e00984
- SHA1: f8f583a3ba99f851d1b741bebdbd2cfb5d67b9d7
- SHA256: 26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8
- SHA512: fa9c3605fe7d0341d6a250bebee692159bc19d8381f91e999f20ee03e96a5cbd5dfe6edc5c482b5903155fd17918da330b008ac508a872fc455d505f9c638e1b
- SSDEEP: 12288:HV+iSF+5v9vsb+zpwYcUutCDb4QK608Badqv31NUdYYKYAJxgy+Hwjq:HnSF+5JwXgb1081v3iYYKLJxNk
Malware Config
Signatures
- Executes dropped EXE (2 IoCs)
  pid: 468, 2456
  process: alg.exe
- Drops file in System32 directory (1 IoC)
  description: File opened for modification
  ioc: C:\Windows\System32\alg.exe
  process: 26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8.exe
- Suspicious use of AdjustPrivilegeToken (1 IoC)
  description: Token: SeTakeOwnershipPrivilege
  pid: 2172
  process: 26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8.exe
- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid: 2172, process: 26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8.exe
  pid: 2172, process: 26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8.exe"
  tree depth: 1
  - Drops file in System32 directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID: 2172
- C:\Windows\System32\alg.exe
  command line: C:\Windows\System32\alg.exe
  tree depth: 1
  - Executes dropped EXE
  PID: 2456
Network
MITRE ATT&CK Matrix
Downloads
- \Windows\System32\alg.exe
  Filesize: 644KB
  MD5: b54c1c782aa931c97e1d712eba3e3939
  SHA1: 0c9a2ab2068ec2de16f1fc3be88a70357ac9474b
  SHA256: 3bd6041848b6406e9760d994b511905a90c8313a42f4236368cb8a479c800a98
  SHA512: fefc34be8da686815b9bd5454d9c9fbbf4a7685ffa41182bcb6f2aba50ca9145cb9537bb6bf73926b682061d33dd9e577ef63683813ac1e303564f83c7704eae
- memory/2172-0-0x0000000140000000-0x0000000140099000-memory.dmp
  Filesize: 612KB
- memory/2172-1-0x0000000001C90000-0x0000000001CF0000-memory.dmp
  Filesize: 384KB
- memory/2172-7-0x0000000001C90000-0x0000000001CF0000-memory.dmp
  Filesize: 384KB
- memory/2172-11-0x0000000001C90000-0x0000000001CF0000-memory.dmp
  Filesize: 384KB
- memory/2172-15-0x0000000140000000-0x0000000140099000-memory.dmp
  Filesize: 612KB
- memory/2456-16-0x0000000100000000-0x00000001000A4000-memory.dmp
  Filesize: 656KB
- memory/2456-17-0x0000000100000000-0x00000001000A4000-memory.dmp
  Filesize: 656KB
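The chain the Signatures, Processes and Downloads sections record is: the sample (PID 2172) enables SeTakeOwnershipPrivilege, opens C:\Windows\System32\alg.exe for modification, and alg.exe then runs (PID 2456) with the SHA-256 of the dropped 644KB file rather than the original. Both processes sit at tree depth 1, so the sandbox did not record alg.exe as a child of the sample. The Python below is an added example and not part of the sandbox report: it runs three host-telemetry checks over constructed Sysmon-style ProcessCreate (event 1) and FileCreate (event 11) records built from the PIDs, paths and SHA-256 values above, plus constructed benign control events. The servicing allow-list (TrustedInstaller.exe, TiWorker.exe), the control events and the final unknown hash are assumptions, not report data. Two caveats: Sysmon's FileCreate fires on create or overwrite dispositions, not on an in-place write to an already opened file, so the "opened for modification" step may need file-I/O ETW or a periodic hash and ownership check of System32 to catch reliably; and neither the SeTakeOwnershipPrivilege call nor SetWindowsHookEx appears in these two event types, so they are not modelled here.

```python
"""Detection over constructed Sysmon-style events for the behaviour in this
report. Added example; it is not output of the sandbox."""
from typing import Dict, Iterable, List, Optional, Tuple

# IoCs copied from the report: the submitted sample and the alg.exe it wrote.
SAMPLE_SHA256 = "26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8"
DROPPED_ALG_SHA256 = "3bd6041848b6406e9760d994b511905a90c8313a42f4236368cb8a479c800a98"
KNOWN_BAD_SHA256 = {SAMPLE_SHA256, DROPPED_ALG_SHA256}
SAMPLE_PATH = r"C:\Users\Admin\AppData\Local\Temp\26d4800081efd88d96cb564dc2cbca3ecf40aa357302b152efec8fd3d3cbadd8.exe"
ALG_PATH = r"C:\Windows\System32\alg.exe"

SYSTEM32 = "c:\\windows\\system32\\"
BINARY_EXT = (".exe", ".dll", ".sys")

# Assumption: image basenames allowed to replace binaries under System32
# (the servicing stack). Not taken from the report; tune per environment.
SERVICING_IMAGES = {"trustedinstaller.exe", "tiworker.exe"}


def norm(path: str) -> str:
    """Case-fold, strip quotes and unify separators so paths compare reliably."""
    return path.strip('"').replace("/", "\\").lower()


def basename(path: str) -> str:
    return norm(path).rsplit("\\", 1)[-1]


def sha256_of(ev: Dict[str, object]) -> Optional[str]:
    """Sysmon packs hashes as 'SHA256=...,MD5=...' in the Hashes field."""
    for part in str(ev.get("Hashes", "")).split(","):
        key, _, value = part.partition("=")
        if key.strip().upper() == "SHA256":
            return value.strip().lower()
    return None


def detect(events: Iterable[Dict[str, object]]) -> List[Tuple[str, int]]:
    """Return (rule, pid) alerts in the order they fire.

    system32_binary_written           FileCreate (11) of an .exe/.dll/.sys under
                                      System32 by a non-servicing image
    known_bad_hash                    ProcessCreate (1) with a SHA-256 from the report
    tampered_system32_binary_executed ProcessCreate (1) of a System32 binary that a
                                      non-servicing image rewrote earlier in the
                                      stream (the 'Executes dropped EXE' case)
    """
    alerts: List[Tuple[str, int]] = []
    tampered = set()  # System32 binaries overwritten outside servicing
    for ev in events:
        eid, pid = int(ev["EventID"]), int(ev["ProcessId"])
        image = norm(str(ev["Image"]))
        if eid == 11:
            target = norm(str(ev["TargetFilename"]))
            if target.startswith(SYSTEM32) and target.endswith(BINARY_EXT):
                if basename(image) in SERVICING_IMAGES:
                    tampered.discard(target)  # legitimately replaced
                else:
                    alerts.append(("system32_binary_written", pid))
                    tampered.add(target)
        elif eid == 1:
            if sha256_of(ev) in KNOWN_BAD_SHA256:
                alerts.append(("known_bad_hash", pid))
            if image in tampered:
                alerts.append(("tampered_system32_binary_executed", pid))
    return alerts


# Constructed event stream: the first three mirror the report (PIDs 2172 and
# 2456); the rest are benign controls that must not alert.
EVENTS = [
    {"EventID": 1, "ProcessId": 2172, "Image": SAMPLE_PATH,
     "Hashes": "SHA256=" + SAMPLE_SHA256},
    {"EventID": 11, "ProcessId": 2172, "Image": SAMPLE_PATH,
     "TargetFilename": ALG_PATH},
    {"EventID": 1, "ProcessId": 2456, "Image": ALG_PATH,
     "Hashes": "SHA256=" + DROPPED_ALG_SHA256},
    # Servicing stack rewriting the same binary clears the tampered state.
    {"EventID": 11, "ProcessId": 900,
     "Image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "TargetFilename": ALG_PATH},
    # Sample writing to its own temp directory is outside System32.
    {"EventID": 11, "ProcessId": 2172, "Image": SAMPLE_PATH,
     "TargetFilename": r"C:\Users\Admin\AppData\Local\Temp\scratch.tmp"},
    # alg.exe launched afterwards with an unknown hash: no alert.
    {"EventID": 1, "ProcessId": 3000, "Image": ALG_PATH,
     "Hashes": "SHA256=" + "0" * 64},
]

if __name__ == "__main__":
    for rule, pid in detect(EVENTS):
        print(f"{rule}\tpid={pid}")
```

On the constructed stream the sample's own launch and its write to alg.exe each fire once for PID 2172, and the tampered alg.exe launch fires both the hash rule and the correlation rule for PID 2456; the correlation rule is the one that still works once the attacker recompiles and the hash IoCs go stale.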