a27c3eeeb1356afff6a139193fb3207efb0e1900ea20ce555473123c8ac9a6bb

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 04:08

Target

a27c3eeeb1356afff6a139193fb3207efb0e1900ea20ce555473123c8ac9a6bb.exe
Size

705KB
MD5

7ff97adcfe56392fa2ba2d96a90ed7f0
SHA1

41daa49a607b80a08d1751321e7f99f893d9c4c6
SHA256

a27c3eeeb1356afff6a139193fb3207efb0e1900ea20ce555473123c8ac9a6bb
SHA512

445ad424ec1e7180bba092eed5eee10cc9075685a274e5b298bfdf0ce1ef11a9c5a0f35c0d3ccaf2087482a2d86bf73f620b4d8c713f9dbae8a84afc95e04b5e
SSDEEP

12288:tW9B+VaGt/sB1KcYmqgZvAMlUoUjG+YKtMfnkOeZb5JYiNAgAPh:tW9Bst/sBlDqgZQd6XKtiMJYiPU

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	a27c3eeeb1356afff6a139193fb3207efb0e1900ea20ce555473123c8ac9a6bb.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	2168	a27c3eeeb1356afff6a139193fb3207efb0e1900ea20ce555473123c8ac9a6bb.exe

memory/2168-0-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/2168-1-0x0000000000240000-0x00000000002A7000-memory.dmp

Filesize
412KB

Download
memory/2168-7-0x0000000000240000-0x00000000002A7000-memory.dmp

Filesize
412KB

Download
memory/2168-6-0x0000000000240000-0x00000000002A7000-memory.dmp

Filesize
412KB

Download
memory/2168-12-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download