fbebc3e2a45a3c5e27661bb7142d77cbbd3406c82eecd5e6dda44090935d5945

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:18

Target

fbebc3e2a45a3c5e27661bb7142d77cbbd3406c82eecd5e6dda44090935d5945.exe
Size

1.3MB
MD5

e9f4e3baf6579941219daf74858b9160
SHA1

c6f1287bb5e580e8b8ca6a4eedd89406611fb15e
SHA256

fbebc3e2a45a3c5e27661bb7142d77cbbd3406c82eecd5e6dda44090935d5945
SHA512

f38fa6415ca3fa5d0f33e726e319991a7317a4f725960ed97c223b198880a42dff64143db0c4844b3e056a946c7e0bfd01bc8a45a0ca98428111aede0a6dcd59
SSDEEP

24576:LW9BjTNjx+mZCkt76f/24pN+XNqNG6hditW:LSPf9Ckt7c20+9qNxUW

Score

5^/10

Drops file in System32 directory 1 IoCs

Processes:

fbebc3e2a45a3c5e27661bb7142d77cbbd3406c82eecd5e6dda44090935d5945.exe

description ioc process

File opened for modification C:\Windows\System32\alg.exe fbebc3e2a45a3c5e27661bb7142d77cbbd3406c82eecd5e6dda44090935d5945.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

fbebc3e2a45a3c5e27661bb7142d77cbbd3406c82eecd5e6dda44090935d5945.exe

description pid process

Token: SeTakeOwnershipPrivilege 2276 fbebc3e2a45a3c5e27661bb7142d77cbbd3406c82eecd5e6dda44090935d5945.exe

description	ioc	process
File opened for modification	C:\Windows\System32\alg.exe	fbebc3e2a45a3c5e27661bb7142d77cbbd3406c82eecd5e6dda44090935d5945.exe

description	pid	process
Token: SeTakeOwnershipPrivilege	2276	fbebc3e2a45a3c5e27661bb7142d77cbbd3406c82eecd5e6dda44090935d5945.exe

memory/2276-0-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download
memory/2276-1-0x0000000000320000-0x0000000000387000-memory.dmp

Filesize
412KB

Download
memory/2276-6-0x0000000000320000-0x0000000000387000-memory.dmp

Filesize
412KB

Download
memory/2276-10-0x0000000000400000-0x00000000005F4000-memory.dmp

Filesize
2.0MB

Download