Analysis
-
max time kernel
1441s -
max time network
1442s -
platform
windows7_x64 -
resource
win7-20240729-en -
resource tags
arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system -
submitted
03-08-2024 06:46
Behavioral task
behavioral1
Sample
Alphares.exe
Resource
win7-20240729-en
windows7-x64
Behavioral task
behavioral2
Sample
Alphares.exe
Resource
win10v2004-20240802-en
windows10-2004-x64
General
-
Target
Alphares.exe
-
Size
11.2MB
-
MD5
62fade0e3c85e108ff2574ac74dea3c8
-
SHA1
729b3b8b95fd74a1e6ff7b436d4f4f85f4978823
-
SHA256
5393dc546602c96ff468c3c47123526d3aa01e62adad9b030f4ed713328c910b
-
SHA512
9bef7961d18ac0dc77cb1140e2a56d1560002a471234927569ff019bcde6d9d762750cc00789b20b53ad6087eef937255b6b8c5b9e7b08b53e855b330aa5fcb6
-
SSDEEP
196608:jsvmERwkU3b01Kpn3V+uq+VvpHxbAQvemuEtwq+ZkiKDISc7x0vlMLF0p:YeF3L01+l+uq+VvFxv99aq+ZkFYx0U
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid Process 2548 Alphares.exe -
Suspicious behavior: EnumeratesProcesses 10 IoCs
pid Process 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 2124 taskmgr.exe -
Suspicious use of FindShellTrayWindow 36 IoCs
pid Process 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe -
Suspicious use of SendNotifyMessage 36 IoCs
pid Process 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe 2124 taskmgr.exe -
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 2716 wrote to memory of 2548 2716 Alphares.exe 30 PID 2716 wrote to memory of 2548 2716 Alphares.exe 30 PID 2716 wrote to memory of 2548 2716 Alphares.exe 30
Processes
-
C:\Users\Admin\AppData\Local\Temp\Alphares.exe"C:\Users\Admin\AppData\Local\Temp\Alphares.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2716 -
C:\Users\Admin\AppData\Local\Temp\Alphares.exe"C:\Users\Admin\AppData\Local\Temp\Alphares.exe"2⤵
- Loads dropped DLL
PID:2548
-
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2636
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2124
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
4.3MB
MD5e4533934b37e688106beac6c5919281e
SHA1ada39f10ef0bbdcf05822f4260e43d53367b0017
SHA2562bf761bae584ba67d9a41507b45ebd41ab6ae51755b1782496d0bc60cc1d41d5
SHA512fa681a48ddd81854c9907026d4f36b008e509729f1d9a18a621f1d86cd1176c1a1ff4f814974306fa4d9e3886e2ce112a4f79b66713e1401f5dae4bcd8b898b9