Overview

overview

7

Static

static

3

32699d6ede...5c.exe

windows7-x64

7

32699d6ede...5c.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    167s
  • max time network
    192s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/04/2024, 22:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    32699d6edee198eaa15f03feaf8b895c.exe

  • Size

    1.2MB

  • MD5

    32699d6edee198eaa15f03feaf8b895c

  • SHA1

    14395dccfea97444a0031e185276e3f83cb0c6a3

  • SHA256

    aa5063b6e0df42d9e7b064e2d658355efb1bdde37ec1d31617e370b0f2906549

  • SHA512

    665953161f376a88da58a8e10431f72d60965f4d25df09932059d6ff0802cabb24c79bb44ddad355694558b118e36bf88278ba168ee03c462ed7c1dc7e52664d

  • SSDEEP

    24576:jyhYW6oivxbvbVSLKCdFB2YuEWB/3wgQmlMsqjnhMgeiCl7G0nehbGZpbD:j8YlbvbaNFwYG93wgMDmg27RnWGj

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 6 IoCs
  • Drops file in System32 directory 8 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 2 IoCs
  • Modifies data under HKEY_USERS 5 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32699d6edee198eaa15f03feaf8b895c.exe
    "C:\Users\Admin\AppData\Local\Temp\32699d6edee198eaa15f03feaf8b895c.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3796
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:988
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:3760
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:512
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:3252
    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:2304
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:4016
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:2268

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
      Filesize

      2.1MB

      MD5

      1a69e5306ec70092ff021704fdbfbc72

      SHA1

      54f2f008f93f4296dfdda335f766b03098a5281e

      SHA256

      60b0bb698194712d1840a316b018787f6bfefb5ed43f788400bf8d99aa4fa9be

      SHA512

      734c4360aff1d373f2f36a0f8025662470c8e8f2c4a77e9c5c0658a5771396fd5f86d43bc42f39aacc924793ac8c260d3f9cc63ba67d91525411390f2a7e5e8e

      Download Submit

    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      Filesize

      1.4MB

      MD5

      90d1092ecd07eab818939b596dba18c6

      SHA1

      4ee94e238a640b6928e7c66a6429f9812c9e42ca

      SHA256

      9f5e95f4cabe807ec013b06858d2da0081d59a245059180ce8d74d89e72ad9ef

      SHA512

      220744452a8aea11fdaf343a184f201e8e41c76f08d142ef485a06589e02f992abfa3ee12248dda4bdbb6b3a48ba60cf0f9f795163364a8b03f9fe7064686a77

      Download Submit

    • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
      Filesize

      1.4MB

      MD5

      186196e79524999d199eb551e7323b88

      SHA1

      e14a085af59708c484ee09a6ca5ed1af0583a2df

      SHA256

      b5ba3fc0a54460b7d85fd9e567dcccead63972cc4e6274908a4540d118cb9994

      SHA512

      b14184c2493017b5b5ef4681b81c115971502d6150154878396a334c7fbf6c402f9ff5f38adbcd9e44e58e79870144e303dcdb02b7426a3db81e17b4469a4586

      Download Submit

    • C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
      Filesize

      2.1MB

      MD5

      f87e4623da02f5d0c9895bae610f0bc9

      SHA1

      d8f312cafaf576c1bd554dd6dfc0eea206624d15

      SHA256

      afe0a41b4d822fb4bd9cc88ad30cc6c3279c5c4912dced8a2cf8e9f231b5ad45

      SHA512

      ce2cc8c4981dc0a21d81d1cbf116fd0e7b54820b64690945af25cca7caf50f43ef3b0199b99a17bbb2dc88a831892f03db04b90adacbd2eb33b31484c530f1e4

      Download Submit

    • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
      Filesize

      1.3MB

      MD5

      012547bbb11bae6d499436ddc531d98a

      SHA1

      bd34ff72013f340b82233f99ff1d7b600fedd091

      SHA256

      793cdffd56b09572dedfec002ab6fcea8759d6471c8c5b7f5f959c06ddadebba

      SHA512

      cef527b4ef8df84dbaf449af045e80755671c9d8f7a9e23df6943fc4f022436dcfde390f4db4b94fe5cfb839ac7666ddc3bceb65513b2191a9bf5cae08bece25

      Download Submit

    • C:\Windows\System32\FXSSVC.exe
      Filesize

      1.2MB

      MD5

      bcf15be8e2d73ffd02a33cf070d86f10

      SHA1

      cfa0955a43852882e7ad5378230847c4b982a280

      SHA256

      991110f9e202153f4749cd3ac86ffede4f415458a9e11cf595080d277ab1becb

      SHA512

      073d93ccc17d7446b1486dcf3a00f759ff25fca88968669c053d614f6ca2c0d80f0501211c1c10474c440ae081ad638fa326eaa8f8e78314d86c3f0e4b5b057d

      Download Submit

    • C:\Windows\System32\alg.exe
      Filesize

      1.3MB

      MD5

      e45558d7068675fa939060e0d424f653

      SHA1

      2ad8c94c8035d3dae726039f6e3db4af4bfa85f9

      SHA256

      df210e41a9f595b531d9992eea425d2c23f8f1ce69825d33d9a6d497469ec342

      SHA512

      1fa5220d9a0cc861917be972c8ea8fa6cfc7d5b54560e65fabd8d6ac72b356c80dcc020ea7f55998283aba81441718b7c6eb177cb0751de5cd400d1c1c5321bd

      Download Submit

    • C:\Windows\system32\AppVClient.exe
      Filesize

      1.3MB

      MD5

      bea7139e3fe8b90cf773d525ca9a1703

      SHA1

      c6cdaf2f132381db813567d3446c160433311c93

      SHA256

      ad6bfbe16bab9a9d0e2925d33ee70162a9fcca2515bdd926e8585f925f89fde0

      SHA512

      83f0fd00750344f6a1b27f667b5c93347ddeba3b0c4b78f28bdb1a2de9c463b73f427f1bc0da7690afa7530bdd16ed061c9f2443fe6cd02c8b61057f8514a8c9

      Download Submit

    • memory/988-13-0x00000000006C0000-0x0000000000720000-memory.dmp

      Filesize

      384KB

      Download

    • memory/988-77-0x0000000140000000-0x00000001401E9000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/988-12-0x0000000140000000-0x00000001401E9000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/988-19-0x00000000006C0000-0x0000000000720000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2268-208-0x0000000140000000-0x000000014020E000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/2268-85-0x0000000140000000-0x000000014020E000-memory.dmp

      Filesize

      2.1MB

      Download

    • memory/2268-92-0x00000000007B0000-0x0000000000810000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2268-86-0x00000000007B0000-0x0000000000810000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2304-179-0x0000000140000000-0x000000014022B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/2304-54-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2304-55-0x0000000140000000-0x000000014022B000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/2304-61-0x00000000001A0000-0x0000000000200000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3252-63-0x0000000000DB0000-0x0000000000E10000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3252-38-0x0000000000DB0000-0x0000000000E10000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3252-37-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3252-44-0x0000000000DB0000-0x0000000000E10000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3252-65-0x0000000140000000-0x0000000140135000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3760-25-0x0000000140000000-0x00000001401E8000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/3760-26-0x00000000006B0000-0x0000000000710000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3760-32-0x00000000006B0000-0x0000000000710000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3760-93-0x0000000140000000-0x00000001401E8000-memory.dmp

      Filesize

      1.9MB

      Download

    • memory/3760-33-0x00000000006B0000-0x0000000000710000-memory.dmp

      Filesize

      384KB

      Download

    • memory/3796-46-0x0000000030000000-0x000000003013A000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3796-1-0x00000000009C0000-0x0000000000A27000-memory.dmp

      Filesize

      412KB

      Download

    • memory/3796-51-0x0000000030000000-0x000000003013A000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/3796-6-0x00000000009C0000-0x0000000000A27000-memory.dmp

      Filesize

      412KB

      Download

    • memory/3796-7-0x00000000009C0000-0x0000000000A27000-memory.dmp

      Filesize

      412KB

      Download

    • memory/3796-0-0x0000000030000000-0x000000003013A000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4016-69-0x0000000140000000-0x0000000140209000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4016-83-0x0000000140000000-0x0000000140209000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4016-80-0x0000000001A60000-0x0000000001AC0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4016-75-0x0000000001A60000-0x0000000001AC0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/4016-68-0x0000000001A60000-0x0000000001AC0000-memory.dmp

      Filesize

      384KB

      Download