Overview

overview

7

Static

static

3

5961f96cb7...28.exe

windows7-x64

7

5961f96cb7...28.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows7_x64
  • resource
    win7-20240704-en
  • resource tags

    arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
  • submitted
    15/09/2024, 07:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5961f96cb72c95a056cf1545cead0cd14f4cab213c5a52c76efd8c10c1057a28.exe

  • Size

    2.0MB

  • MD5

    fb29230b78275aef586ed66c97f4840f

  • SHA1

    c56d8cde2214ca3d9032f5e25e0ac04c35422547

  • SHA256

    5961f96cb72c95a056cf1545cead0cd14f4cab213c5a52c76efd8c10c1057a28

  • SHA512

    19c70bcd9bf343bad19bfe77068c8cc5250a4e8ab2bfeef160bc821e95087a306bb3e8dd00c726c251ccc393c25a4cbc648ff30e7ce7232b66babf8258a847c9

  • SSDEEP

    49152:gvRwdG2NcOMjUfkptVxB2yEBSUoWs3bF:gpwdGVjUu5Qyi1Ps3b

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\5961f96cb72c95a056cf1545cead0cd14f4cab213c5a52c76efd8c10c1057a28.exe
    "C:\Users\Admin\AppData\Local\Temp\5961f96cb72c95a056cf1545cead0cd14f4cab213c5a52c76efd8c10c1057a28.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2548
    • C:\Windows\system32\WerFault.exe
      C:\Windows\system32\WerFault.exe -u -p 2548 -s 328
      2⤵
        PID:1448
    • C:\Windows\System32\alg.exe
      C:\Windows\System32\alg.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      PID:1160

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\JavaLauncher.log
      Filesize

      1KB

      MD5

      eb5f4e7fe196e1bb1e5678c614a168eb

      SHA1

      600d3ac5a5b494db7dca1e0a70da46c95ce8ccd6

      SHA256

      49c8c49ca04f53903fda7caf69851e651ba40747a029bb324479f023334a6931

      SHA512

      196b1caff554c4c9141cd53423cc3d0feb5e0b28820bb7289372ac26dce720fbcbac5cb83b6613877a07447d1565c57c9d555930d2a5b3975a7a7c369942ad5a

      Download Submit

    • \Windows\System32\alg.exe
      Filesize

      1.4MB

      MD5

      73e5339e0540016d5d85f3858c26d151

      SHA1

      e9b010537da4556e97a97ac48931de04b7d16c41

      SHA256

      bc37f02573a3947ab89c077476e2c5d5ffd6d9e0fbc82862881b17483d326522

      SHA512

      c287e756dfe9ee55ad9affb474fd852d30cf377da6a521df08d26516ba6a6762253a8acacf4d39be9191563ac73fbd665065234698f411924fe52916b20236ff

      Download Submit

    • memory/1160-24-0x0000000000840000-0x00000000008A0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/1160-23-0x0000000100000000-0x0000000100160000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/1160-32-0x0000000000840000-0x00000000008A0000-memory.dmp

      Filesize

      384KB

      Download

    • memory/1160-35-0x0000000100000000-0x0000000100160000-memory.dmp

      Filesize

      1.4MB

      Download

    • memory/2548-0-0x0000000140000000-0x00000001401FC000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2548-1-0x0000000001C00000-0x0000000001C60000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2548-15-0x0000000001C00000-0x0000000001C60000-memory.dmp

      Filesize

      384KB

      Download

    • memory/2548-34-0x0000000140000000-0x00000001401FC000-memory.dmp

      Filesize

      2.0MB

      Download