Analysis
max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
submitted
07-04-2024 19:58
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
bc16b0ca89acc5c553279d7454e120f7ad416a28dc3955c853aa9d7a8e3df41a.exe
Resource
win7-20240221-en
2 signatures
150 seconds
General
Target
bc16b0ca89acc5c553279d7454e120f7ad416a28dc3955c853aa9d7a8e3df41a.exe
Size
1.3MB
MD5
51f2c3afee4b3132faad1d4c79c65bd2
SHA1
657625a195862a295cbdbfcdf1dc1bcfa55f14d6
SHA256
bc16b0ca89acc5c553279d7454e120f7ad416a28dc3955c853aa9d7a8e3df41a
SHA512
5ddff8d37c5057b3eca5bdad4ba6de6564e9cf9d83f47e608f5c387f91ba2da353db772230997d17741d97325bbc23f73ec060994164d44e3044629b9b521317
SSDEEP
12288:H09B+VdMTmkJR4Do07Y86gw5CtCjX+NLuFhNpBeZT3X:H09BlSkQ/7Gb8NLEbeZ
Score
5/10
Malware Config
Signatures
Drops file in System32 directory 1 IoCs
Processes:
bc16b0ca89acc5c553279d7454e120f7ad416a28dc3955c853aa9d7a8e3df41a.exe
description
File opened for modification
ioc
C:\Windows\System32\alg.exe
process
bc16b0ca89acc5c553279d7454e120f7ad416a28dc3955c853aa9d7a8e3df41a.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
bc16b0ca89acc5c553279d7454e120f7ad416a28dc3955c853aa9d7a8e3df41a.exe
description
Token: SeTakeOwnershipPrivilege
pid
2100
process
bc16b0ca89acc5c553279d7454e120f7ad416a28dc3955c853aa9d7a8e3df41a.exe