Analysis
-
max time kernel
148s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
20-05-2024 22:43
Static task
static1
Behavioral task
behavioral1
Sample
592c5939385914edfed5fdb53256ec69d20f0c68e55720dccad27cdde01db05e.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
592c5939385914edfed5fdb53256ec69d20f0c68e55720dccad27cdde01db05e.exe
Resource
win10v2004-20240426-en
General
-
Target
592c5939385914edfed5fdb53256ec69d20f0c68e55720dccad27cdde01db05e.exe
-
Size
2.1MB
-
MD5
8d4d1e6a2c87ace329497a1899c41c48
-
SHA1
41d468c02286f567cf8c6b321c1d159e37bb93e6
-
SHA256
592c5939385914edfed5fdb53256ec69d20f0c68e55720dccad27cdde01db05e
-
SHA512
f4a063d70031466222f288ffbb81bf84e36fd6363a91af8053ce84b185894aa7f6254e419591b7f446b4d4b17d50c9d2927d6d5a558652335fff1f178e027eeb
-
SSDEEP
49152:dAaimdzYtiKX9G4i0awIlrrE5T+Nt2r4PRSEk1ul:dAav2lX8VDgyt2sEE5
Malware Config
Signatures
-
Drops file in System32 directory 1 IoCs
Processes:
592c5939385914edfed5fdb53256ec69d20f0c68e55720dccad27cdde01db05e.exe
description
File opened for modification
ioc
C:\Windows\System32\alg.exe
process
592c5939385914edfed5fdb53256ec69d20f0c68e55720dccad27cdde01db05e.exe
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
592c5939385914edfed5fdb53256ec69d20f0c68e55720dccad27cdde01db05e.exe
description
Token: SeTakeOwnershipPrivilege
pid
1636
process
592c5939385914edfed5fdb53256ec69d20f0c68e55720dccad27cdde01db05e.exe
Downloads
-
memory/1636-0-0x0000000180000000-0x0000000180228000-memory.dmp
Filesize
2.2MB
-
memory/1636-1-0x0000000001FB0000-0x0000000002010000-memory.dmp
Filesize
384KB
-
memory/1636-9-0x0000000001FB0000-0x0000000002010000-memory.dmp
Filesize
384KB
-
memory/1636-11-0x0000000001FB0000-0x0000000002010000-memory.dmp
Filesize
384KB
-
memory/1636-13-0x0000000180000000-0x0000000180228000-memory.dmp
Filesize
2.2MB