d484f0c77d2b8f4b37781b075d763d7fdd72d98cabbd654e3731c41eb335d270

Analysis

max time kernel
155s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 10:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d484f0c77d2b8f4b37781b075d763d7fdd72d98cabbd654e3731c41eb335d270.exe
Size

705KB
MD5

e0de11e16d2fc5685ec2bbfdb93c3dbf
SHA1

3afb423147b6bb9e3043c92fa7bfd3e31af1947c
SHA256

d484f0c77d2b8f4b37781b075d763d7fdd72d98cabbd654e3731c41eb335d270
SHA512

27c6f526e22ae49b0c8cbd6eb55b5d52e9ff41e98bc3b98fa3d22ce2b2bdd93c12ecddf8a57a9f16cf55ad5716bdd44462d6d7e61eeabe54fcf3536c9ff35abd
SSDEEP

12288:EW9B+VKYlhw0tgZNPNUl5KRgT3h2VR/9fyBoYJ6YNuwnReNEHFvlJsAStmhskK:EW9BsntGDjVNpyeYJ6YUwnRfWgK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
1904	alg.exe
432	elevation_service.exe
4476	elevation_service.exe
3940	maintenanceservice.exe
2276	OSE.EXE

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	d484f0c77d2b8f4b37781b075d763d7fdd72d98cabbd654e3731c41eb335d270.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\e17edc5f9ef887b.bin	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmic.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\pack200.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroLayoutRecognizer\AcroLayoutRecognizer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jar.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jconsole.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jmap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\servertool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ExtExport.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\wsimport.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrServicesUpdater.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jcmd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iediagcmd.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jjs.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\tnameserv.exe	alg.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	768	d484f0c77d2b8f4b37781b075d763d7fdd72d98cabbd654e3731c41eb335d270.exe

C:\Users\Admin\AppData\Local\Temp\d484f0c77d2b8f4b37781b075d763d7fdd72d98cabbd654e3731c41eb335d270.exe
"C:\Users\Admin\AppData\Local\Temp\d484f0c77d2b8f4b37781b075d763d7fdd72d98cabbd654e3731c41eb335d270.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:768

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
PID:1904

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:432

C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.81\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.81\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4476

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:3940

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:2276

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\123.0.2420.81\elevation_service.exe

Filesize
2.3MB

MD5
bce1fed54d424d45282e047e83540b65

SHA1
1ca81c2c7073838f8f908f344cf317455c1431d9

SHA256
124ee82c70ebe21bf1301af837c66e74a55834a32fc0d8c7ede06b6b62516346

SHA512
c56d64f4d5c03e94fc89cfbc56ef61f2ac9d0088c3072325112722b68fb6809e9f94be65fe8cb29388083a4803a27561775219ac71edae3bfd32465f10057b6d

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
797KB

MD5
00f3e8d100f213bbcdab0e3cc6a10426

SHA1
716eb9ba996b23da919d5dee1ddeb7926cd1001e

SHA256
368ff13856ac7c731761515e9da17dfd97f5ea02a636ec54491b1667e68f334c

SHA512
62d52424e02594da81204b5ec02c929cc9a390c6bb73ffe41e03172896a7b4cdb1207146b6f1bac667c9545c4d28ff55b02a3d3856803e9a64c458114c3adaff

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
2253364d227690b00706736ba5aac103

SHA1
521f8168a90fabe7ed4629fbc4701daa2987c9c7

SHA256
826114f291dc6da7af62d5fb151f4d8580fc0594d2914052de0c8754474fedfb

SHA512
99eb64167cff33b9172253999935b468354198a50b46bcbf363b3884fc099d5f0bedf7e90081db775a1c63b7a9db118d0c1c439cdba2662653c2c0307c27020b

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
fb160e88d9dfb81554796cc72b06beac

SHA1
b96a59c25b9b42baa03629d34375e383fb24f6b1

SHA256
67b767051f605bf5d2d773a9e24ff481cfceddf36441121d315b35a28b6e8451

SHA512
e464284b606ad516890eb025ed7d4883f6c14b40e3e9b992222ce8fd12dba7121d80a89c34fa6b41f78c99dd4bfd4b87750c86477ec55ba15098a1ae89e3edba

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
5a0d3b249e2a55d4641e77c1a6a7c3d5

SHA1
6fad5454afac9a4103ff8b8f3585f8a827e283fc

SHA256
ffb379e45d4f41905cecdd67f7384770b198194b261b3bff599a7565080de810

SHA512
9642764ce8ab7c9564fff3c9bed3220376171f648d3b32877edd58800a54bf8585b1a3972a01d59e52ea03985b9975a74fa7bbe139a94b340def005a7fbc6c5b

Download Submit
memory/432-85-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/432-28-0x0000000000C90000-0x0000000000CF0000-memory.dmp

Filesize
384KB

Download
memory/432-29-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/432-36-0x0000000000C90000-0x0000000000CF0000-memory.dmp

Filesize
384KB

Download
memory/768-14-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/768-7-0x0000000002340000-0x00000000023A7000-memory.dmp

Filesize
412KB

Download
memory/768-0-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/768-6-0x0000000002340000-0x00000000023A7000-memory.dmp

Filesize
412KB

Download
memory/768-1-0x0000000002340000-0x00000000023A7000-memory.dmp

Filesize
412KB

Download
memory/1904-23-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/1904-15-0x0000000000710000-0x0000000000770000-memory.dmp

Filesize
384KB

Download
memory/1904-16-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/1904-84-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/2276-88-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2276-74-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/2276-67-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2276-68-0x00000000006F0000-0x0000000000750000-memory.dmp

Filesize
384KB

Download
memory/3940-52-0x0000000001A90000-0x0000000001AF0000-memory.dmp

Filesize
384KB

Download
memory/3940-64-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3940-62-0x0000000001A90000-0x0000000001AF0000-memory.dmp

Filesize
384KB

Download
memory/3940-58-0x0000000001A90000-0x0000000001AF0000-memory.dmp

Filesize
384KB

Download
memory/3940-59-0x0000000001A90000-0x0000000001AF0000-memory.dmp

Filesize
384KB

Download
memory/3940-51-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/4476-40-0x0000000140000000-0x000000014025D000-memory.dmp

Filesize
2.4MB

Download
memory/4476-41-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/4476-86-0x0000000140000000-0x000000014025D000-memory.dmp

Filesize
2.4MB

Download
memory/4476-47-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads