86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
17/04/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
Size

1.8MB
MD5

6d5c9335dbada3d9e812fd08d9c0b150
SHA1

b3992e939d046acc377ac792311a80149a6b96eb
SHA256

86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233
SHA512

6d1a6e9d4f5cf050876116b730dd54d1a0d3f2736b6580969684281d3cab8634542204d1db4d697fb4d5b24f4536a7fafa23eb3234b3508ac70e84973a76c7bd
SSDEEP

49152:yKJ0WR7AFPyyiSruXKpk3WFDL9zxnSrmgiTd8DsMcDKGfWbYCGE:yKlBAFPydSS6W6X9lnQBiTLMiKGu8CP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
480	Process not Found
2512	alg.exe
2900	aspnet_state.exe

Loads dropped DLL 1 IoCs

pid	Process
480	Process not Found

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_no.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_sk.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_sr.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\psmachine_64.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\GoogleUpdateCore.exe	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_is.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_ja.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_nl.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_en.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_fil.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_hu.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_ko.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_ca.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_sw.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_es.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_fa.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_fr.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_ms.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_pt-PT.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File opened for modification	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\GoogleUpdateSetup.exe	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File opened for modification	C:\Program Files (x86)\Google\Temp\GUT194C.tmp	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\GoogleUpdate.exe	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdate.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_am.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_iw.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_en-GB.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_pl.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_sv.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_bn.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_es-419.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_et.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_pt-BR.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\GoogleUpdateSetup.exe	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_bg.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_zh-CN.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_zh-TW.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\psuser.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_gu.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_it.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_uk.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\GoogleUpdateOnDemand.exe	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_ar.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_lv.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_ru.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_sl.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\GoogleUpdateComRegisterShell64.exe	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_el.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_mr.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_vi.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_cs.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_da.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_kn.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_ml.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_ro.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\GoogleUpdateBroker.exe	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\psmachine.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\GoogleCrashHandler64.exe	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_fi.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_id.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_de.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_th.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\goopdateres_tr.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\GoogleCrashHandler.exe	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
File created	C:\Program Files (x86)\Google\Temp\GUM194B.tmp\psuser_64.dll	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3040	86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe

C:\Users\Admin\AppData\Local\Temp\86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe
"C:\Users\Admin\AppData\Local\Temp\86b0ab0c2d3cde12d6d067fc005280149e8d22114c5ef41a27010f9529ffa233.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3040

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:2512

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
1⤵
- Executes dropped EXE
PID:2900

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

Filesize
603KB

MD5
0a60a7a336c51b10747e5fed77f74e65

SHA1
20aac7812be8361b711813584c734c9a88cf1cf3

SHA256
58e15bbebfaa4c92b029c818faae3c0f571c0d86eb538f14d010859bd6d38b32

SHA512
192c075a946ac75f713f85ba8c43e6b2ab3eaa16cd85aabb77a40faa74c0c2fb9c797ad0815dd147bfb085950c467b58e5a6f489180bd131c3ff82048ccc9050

Download Submit
\Windows\System32\alg.exe

Filesize
644KB

MD5
8aea6bf29ca80fdd3458b484b6e5b864

SHA1
920107f7c35ecf915e5ebd639e1dbff5653407b0

SHA256
eeded63c14a05a52a2b6e522514107a50a6416786ee8dfbbfe0718e4961bae13

SHA512
68ff017fa5adc07aa7e438da59f7f30237e4e5067db72b319bb05f889e76cf72965e1d7a2b3b5d6f5319b61db769b10dd96a1afbe9ceaee0e020b77ef3b58400

Download Submit
memory/2512-13-0x0000000100000000-0x00000001000A4000-memory.dmp

Filesize
656KB

Download
memory/2512-164-0x0000000100000000-0x00000001000A4000-memory.dmp

Filesize
656KB

Download
memory/2900-20-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/2900-50-0x00000000009C0000-0x0000000000A20000-memory.dmp

Filesize
384KB

Download
memory/2900-165-0x0000000140000000-0x000000014009D000-memory.dmp

Filesize
628KB

Download
memory/3040-0-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download
memory/3040-1-0x0000000000240000-0x00000000002A7000-memory.dmp

Filesize
412KB

Download
memory/3040-7-0x0000000000240000-0x00000000002A7000-memory.dmp

Filesize
412KB

Download
memory/3040-6-0x0000000000240000-0x00000000002A7000-memory.dmp

Filesize
412KB

Download
memory/3040-163-0x0000000000400000-0x00000000005DB000-memory.dmp

Filesize
1.9MB

Download