Overview

overview

7

Static

static

3

6ff3556284...e1.exe

windows7-x64

1

6ff3556284...e1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/03/2024, 08:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    6ff3556284e421878f59115bd1d345a2ac17ba6c7e8972caf8947a003353ace1.exe

  • Size

    706KB

  • MD5

    aa69fa556ad198538d010630d70ee234

  • SHA1

    c9fb9d899ea3df611e3831ff0d493e3000d7c013

  • SHA256

    6ff3556284e421878f59115bd1d345a2ac17ba6c7e8972caf8947a003353ace1

  • SHA512

    497db4e81f5e00097b859d0d938cfe1a9321b6b008848feb06eaccc2e35f3f17fe5a1743638af31029e751e4513df2bfffd52fac1b9d28b77c08bc288b6ab95a

  • SSDEEP

    12288:fWiB+tcOe7qA2p2huV8ngoPy22OaXbQY/JaYfjYvT:fWiBX3r2p2gV8ng2P2OaXbQYxj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6ff3556284e421878f59115bd1d345a2ac17ba6c7e8972caf8947a003353ace1.exe
    "C:\Users\Admin\AppData\Local\Temp\6ff3556284e421878f59115bd1d345a2ac17ba6c7e8972caf8947a003353ace1.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3548
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:3364

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\System32\alg.exe
          Filesize

          661KB

          MD5

          027f1646269d7e3f6bd94e2678c6fefa

          SHA1

          137b053fb23f1c7d7054f14652495131b5a02875

          SHA256

          1f47c3141c84e8ed66d8f125b729a6b61e4daf71e326097900d8fff4babe8f67

          SHA512

          fd1369946310710c6de587d348ae9800fa5b870d97d6dcefc3cc077d82d468e56fedeed393d2f0e059af9e55111461af60dd1e62aa0ee54e348b5a2cb0ce359c

          Download Submit

        • memory/3364-13-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/3364-15-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

          Download

        • memory/3548-0-0x0000000000400000-0x00000000004B5000-memory.dmp

          Filesize

          724KB

          Download

        • memory/3548-1-0x0000000000B70000-0x0000000000BD6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3548-6-0x0000000000B70000-0x0000000000BD6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3548-14-0x0000000000400000-0x00000000004B5000-memory.dmp

          Filesize

          724KB

          Download