Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows7_x64
- resource: win7v20201028
- submitted: 15-01-2021 17:45
Static task: static1

Behavioral task: behavioral1
- Sample: _56991.exe
- Resource: win7v20201028
- Platform: windows7_x64
- 0 signatures
- 0 seconds

Behavioral task: behavioral2
- Sample: _56991.exe
- Resource: win10v20201028
- Platform: windows10_x64
- 0 signatures
- 0 seconds
General
- Target: _56991.exe
- Size: 2.1MB
- MD5: a3e6eae5fbdc1875e49c6c84d941812f
- SHA1: fc8d23c11118fae5d7f7a0e2d18952135354c2c9
- SHA256: 66f44a00d10affc3c6c2f08cac7a4381bae1d146a78dba33de205eb88654843d
- SHA512: b5f9012d4049cb34789024f2cd84fd25546f086fc1449d3ab5aa761b5293019dd61dce2fcf52b569e72222346277bfdd1a56701e243afde05c737c36d7a5d443
- Score: 1/10
Malware Config

Signatures
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  Processes (pid, process):
    528  _56991.exe
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes (description, pid, process):
    Token: 33                          544  AUDIODG.EXE
    Token: SeIncBasePriorityPrivilege  544  AUDIODG.EXE
    Token: 33                          544  AUDIODG.EXE
    Token: SeIncBasePriorityPrivilege  544  AUDIODG.EXE
- Suspicious use of SetWindowsHookEx (2 IoCs)
  Processes (pid, process):
    528  _56991.exe
    528  _56991.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\_56991.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\_56991.exe"
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
- C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x184
  - Suspicious use of AdjustPrivilegeToken