0cc9e1b189fc2a74cad088db029d6c88cd88363ed52906d6cc143233e23e9b05

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04/07/2024, 21:11

Target

0cc9e1b189fc2a74cad088db029d6c88cd88363ed52906d6cc143233e23e9b05.exe
Size

1.3MB
MD5

b62313eff063fe6feb12b9b012d87e30
SHA1

14d56b01ffe3030d49f0c8d81d4b6e13801daf97
SHA256

0cc9e1b189fc2a74cad088db029d6c88cd88363ed52906d6cc143233e23e9b05
SHA512

bef7fd20d0608e147e76311fff570f62141bbf2b7504c9bdcc700f28085f0ef002c4f68f538166c66380875ca2c5cc49c4dff6c623c12d1f696ef07437da4fe4
SSDEEP

24576:i3LutmkEz+PAVV/bOInO4Xs2ztR4iegxLHgZpJE4VDdmt/sBlDqgZQd6XKtiMJYv:ibutmkO+wROInO4XrztygxLHkJE4VBs6

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\alg.exe	0cc9e1b189fc2a74cad088db029d6c88cd88363ed52906d6cc143233e23e9b05.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	1444	0cc9e1b189fc2a74cad088db029d6c88cd88363ed52906d6cc143233e23e9b05.exe

memory/1444-0-0x0000000030000000-0x0000000030167000-memory.dmp

Filesize
1.4MB

Download
memory/1444-1-0x0000000001C70000-0x0000000001CD7000-memory.dmp

Filesize
412KB

Download
memory/1444-6-0x0000000001C70000-0x0000000001CD7000-memory.dmp

Filesize
412KB

Download
memory/1444-14-0x0000000030000000-0x0000000030167000-memory.dmp

Filesize
1.4MB

Download