Overview

overview

7

Static

static

3

86a4e008c5...1d.exe

windows7-x64

5

86a4e008c5...1d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    127s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-02-2024 01:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    86a4e008c5091f94dc3e640c5621faf485a81ef537d38d31154468059f83241d.exe

  • Size

    705KB

  • MD5

    045fc1796f69e9954300b5a6978e6f3c

  • SHA1

    cf796359d88b86e5456d418876f68995c8962ef0

  • SHA256

    86a4e008c5091f94dc3e640c5621faf485a81ef537d38d31154468059f83241d

  • SHA512

    15328690b1aecbfe14146e710a4dc780df91465f1a30962b3d086e78bf3ef0a047c8f155a3b74363edc74b37438aa6dd467c92f25766822fb39fb2b1e0b586d6

  • SSDEEP

    12288:pW9B+VnXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:pW9BCsqjnhMgeiCl7G0nehbGZpbD

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 4 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\86a4e008c5091f94dc3e640c5621faf485a81ef537d38d31154468059f83241d.exe
    "C:\Users\Admin\AppData\Local\Temp\86a4e008c5091f94dc3e640c5621faf485a81ef537d38d31154468059f83241d.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4676
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:448

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\alg.exe
    Filesize

    661KB

    MD5

    c9cd69dc6ceb0639020cfe53e2cb5fc1

    SHA1

    ae8443c0c8ecb20b783e8af71d797dfeebc72aa6

    SHA256

    4d9626967862f848555ddab88fc7b83eb02aef08ff3923546e2fe90622b85201

    SHA512

    46dd4f00d60a88ac373d966eaeb17b3504b5df199729d3a34b19dc9331e299a27242b888bce2478767da30aeac56bb3fcac53ce5543a6d6a3f27b1198729f3b9

    Download Submit

  • memory/448-11-0x0000000140000000-0x00000001400AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/448-17-0x0000000140000000-0x00000001400AA000-memory.dmp

    Filesize

    680KB

    Download

  • memory/4676-0-0x0000000000400000-0x00000000004B5000-memory.dmp

    Filesize

    724KB

    Download

  • memory/4676-1-0x0000000000AC0000-0x0000000000B27000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4676-6-0x0000000000AC0000-0x0000000000B27000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4676-7-0x0000000000AC0000-0x0000000000B27000-memory.dmp

    Filesize

    412KB

    Download

  • memory/4676-16-0x0000000000400000-0x00000000004B5000-memory.dmp

    Filesize

    724KB

    Download