f1e7ea6ba820264681a9c214476e0f8962aec14965a21552a7c6518c825a6845

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 14:59 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f1e7ea6ba820264681a9c214476e0f8962aec14965a21552a7c6518c825a6845.exe
Size

1.3MB
MD5

d9d03de9a09de23aba63c42f54015e02
SHA1

d9e456ddcb6adcf8b818832c4c4be480633ca5a5
SHA256

f1e7ea6ba820264681a9c214476e0f8962aec14965a21552a7c6518c825a6845
SHA512

49f06dfcd6e36e048b7345df11d149c094fa8e4c47896abd2c4c14932cf8db77a4a42138e32af903d5a26ea8dae8da7f1522bacbc0962e01e22f7dfd09085c78
SSDEEP

24576:EW9BIl11tmlNQ2OnBdFQtP51llPup33kT:ESs11tmlNQ2ayVup3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3880	alg.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	f1e7ea6ba820264681a9c214476e0f8962aec14965a21552a7c6518c825a6845.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	856	f1e7ea6ba820264681a9c214476e0f8962aec14965a21552a7c6518c825a6845.exe

C:\Users\Admin\AppData\Local\Temp\f1e7ea6ba820264681a9c214476e0f8962aec14965a21552a7c6518c825a6845.exe
"C:\Users\Admin\AppData\Local\Temp\f1e7ea6ba820264681a9c214476e0f8962aec14965a21552a7c6518c825a6845.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:856

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:3880

Network

DNS

232.168.11.51.in-addr.arpa

Remote address:

8.8.8.8:53

Request

232.168.11.51.in-addr.arpa

IN PTR

Response
DNS

219.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

219.135.221.88.in-addr.arpa

IN PTR

Response

219.135.221.88.in-addr.arpa

IN PTR

a88-221-135-219deploystaticakamaitechnologiescom
DNS

22.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.160.190.20.in-addr.arpa

IN PTR

Response
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

103.169.127.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

103.169.127.40.in-addr.arpa

IN PTR

Response
DNS

15.164.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

15.164.165.52.in-addr.arpa

IN PTR

Response
DNS

28.143.109.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.143.109.104.in-addr.arpa

IN PTR

Response

28.143.109.104.in-addr.arpa

IN PTR

a104-109-143-28deploystaticakamaitechnologiescom
DNS

249.197.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

249.197.17.2.in-addr.arpa

IN PTR

Response

249.197.17.2.in-addr.arpa

IN PTR

a2-17-197-249deploystaticakamaitechnologiescom
DNS

240.197.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.197.17.2.in-addr.arpa

IN PTR

Response

240.197.17.2.in-addr.arpa

IN PTR

a2-17-197-240deploystaticakamaitechnologiescom
DNS

21.236.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

21.236.111.52.in-addr.arpa

IN PTR

Response

No results found

8.8.8.8:53

232.168.11.51.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

232.168.11.51.in-addr.arpa
8.8.8.8:53

219.135.221.88.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

219.135.221.88.in-addr.arpa
8.8.8.8:53

22.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.160.190.20.in-addr.arpa
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

103.169.127.40.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

103.169.127.40.in-addr.arpa
8.8.8.8:53

15.164.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

15.164.165.52.in-addr.arpa
8.8.8.8:53

28.143.109.104.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

28.143.109.104.in-addr.arpa
8.8.8.8:53

249.197.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

249.197.17.2.in-addr.arpa
8.8.8.8:53

240.197.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

240.197.17.2.in-addr.arpa
8.8.8.8:53

21.236.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

21.236.111.52.in-addr.arpa
8.8.8.8:53

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\System32\alg.exe

Filesize
1.3MB

MD5
e96a3d448a3cd98cf79d65951786b73d

SHA1
5c8d536dd83d87affc5c328d35de2f275a66cddc

SHA256
358b7d1b330859580280ce40acd85778dc82267bb1afc7550e404a0df2f99171

SHA512
b477212513f563ce9e5d0c1d17507c08ee6c4f6eb44807934b808b4559f4d0297e53feb8446d2e7cc1237c1aff8f1c92fca3f08ec2bd822763fe2b9b8766f4eb

Download Submit
memory/856-0-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download
memory/856-1-0x0000000000BF0000-0x0000000000C57000-memory.dmp

Filesize
412KB

Download
memory/856-6-0x0000000000BF0000-0x0000000000C57000-memory.dmp

Filesize
412KB

Download
memory/856-14-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download
memory/3880-13-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download
memory/3880-15-0x0000000140000000-0x00000001401E9000-memory.dmp

Filesize
1.9MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

We care about your privacy.