20bfb64d98d63a70ff915b34f129811c066fd710b90f37c6e49883cfcb21deed

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
10-04-2024 03:10

Target

20bfb64d98d63a70ff915b34f129811c066fd710b90f37c6e49883cfcb21deed.exe
Size

705KB
MD5

4092c678b425bf220725252880532ce8
SHA1

55f2236a57737bfd1d03d12dcc788ee13ee680f1
SHA256

20bfb64d98d63a70ff915b34f129811c066fd710b90f37c6e49883cfcb21deed
SHA512

bbd1add87194da3e6a89af8c20476900cbd3b9701fd11add04ea37d9f0d1ed582efffc16cc1be279c60f067ff8909e2e3ca79868623c603c63a2c63050665bd7
SSDEEP

12288:XA9B+Vq7d0NxksRpWE9FRHSfNm1wgbIxnBw7dzE+e3gxZC6LgjigDy5fdv8fWi+:XA9BrCks7WE9F5pwg8zmdqQjC60jiHkU

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	20bfb64d98d63a70ff915b34f129811c066fd710b90f37c6e49883cfcb21deed.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1504	20bfb64d98d63a70ff915b34f129811c066fd710b90f37c6e49883cfcb21deed.exe

memory/1504-0-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/1504-1-0x0000000001DA0000-0x0000000001E07000-memory.dmp

Filesize
412KB

Download
memory/1504-6-0x0000000001DA0000-0x0000000001E07000-memory.dmp

Filesize
412KB

Download
memory/1504-7-0x0000000001DA0000-0x0000000001E07000-memory.dmp

Filesize
412KB

Download
memory/1504-12-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download