Overview

overview

7

Static

static

3

6a4f0d27ed...eN.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    93s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    19/11/2024, 11:55

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6a4f0d27ed9d00ee01d5046356d637d60ca308e779418b481a5cd2dd84dff41eN.exe

  • Size

    1.4MB

  • MD5

    5ee4c6a5bb6f42f837444bac99cc6440

  • SHA1

    44e0cf807b7af773d700a492c364f99a6a7bab49

  • SHA256

    6a4f0d27ed9d00ee01d5046356d637d60ca308e779418b481a5cd2dd84dff41e

  • SHA512

    ef0d9a596655acb1ae37ec1ea7d57027e0dc0a864d5b9861bac4a913e9f234736ba8936484800da6c5884de8c09399735891cab4f48dc18171e5bc31d6ba92dd

  • SSDEEP

    24576:dAFs06+Omlf3NXEbToQKoTt3yb2OnRawVcl1ZkVny2:SFs060lVXusoT4b2OnAHkVny2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in System32 directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6a4f0d27ed9d00ee01d5046356d637d60ca308e779418b481a5cd2dd84dff41eN.exe
    "C:\Users\Admin\AppData\Local\Temp\6a4f0d27ed9d00ee01d5046356d637d60ca308e779418b481a5cd2dd84dff41eN.exe"
    1⤵
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2908
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    PID:1548

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\alg.exe
    Filesize

    1.3MB

    MD5

    d409fa09fdb637c548f5eb3229f4f92f

    SHA1

    48bd4ec74de54791c5d9e69f27891bff227a0cde

    SHA256

    fde37b3690bbd0a04a8dab17baf6e458f860c80acda1d56f607efecbf66f8289

    SHA512

    d24458dfb5d30cdb309537aa2dc5fe3b5cc7f7dd37149e0a4d8b674b788a156060d431d1248646109a8f9ea8e7f14bdfc002722aa8b6dc288e24c6fe0768e278

    Download Submit

  • memory/1548-12-0x0000000140000000-0x00000001401E9000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/1548-16-0x0000000140000000-0x00000001401E9000-memory.dmp

    Filesize

    1.9MB

    Download

  • memory/2908-0-0x0000000140000000-0x0000000140169000-memory.dmp

    Filesize

    1.4MB

    Download

  • memory/2908-1-0x00000000007A0000-0x0000000000800000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2908-7-0x00000000007A0000-0x0000000000800000-memory.dmp

    Filesize

    384KB

    Download

  • memory/2908-15-0x0000000140000000-0x0000000140169000-memory.dmp

    Filesize

    1.4MB

    Download