f442d0543f6df79be9fbaed90af2dedbcf2e4774561421763577b148a9ff8554 | Triage

Resubmissions

11-04-2024 17:53

240411-wgrc2agf82 10

11-04-2024 17:50

240411-weydkagf52 10

07-03-2024 21:32

240307-1d2rtafd3x 10

05-03-2024 03:22

240305-dw4ykadb7x 10

26-02-2024 08:40

240226-klbmlahd92 10

25-01-2024 23:42

240125-3p3jlaagej 10

10-10-2023 00:01

231010-aaxetahb7s 10

14-07-2023 13:07

230714-qc385seh7w 10

11-07-2023 13:35

230711-qv314aad81 10

Analysis

max time kernel
145s
max time network
127s
platform
windows7_x64
resource
win7v20210408
submitted
06-05-2021 13:32

Sharing

Report Analysis Logs

General

Target

v2.bin.exe
Size

121KB
MD5

944ed18066724dc6ca3fb3d72e4b9bdf
SHA1

1a19c8793cd783a5bb89777f5bc09e580f97ce29
SHA256

74ce1be7fe32869dbbfe599d7992c306a7ee693eb517924135975daa64a3a92f
SHA512

a4d23cba68205350ae58920479cb52836f9c6dac20d1634993f3758a1e5866f40b0296226341958d1200e1fcd292b8138c41a9ed8911d7abeaa223a06bfe4ad3

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

AUDIODG.EXE7zG.exe

description	pid	process
Token: 33	1840	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1840	AUDIODG.EXE
Token: 33	1840	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1840	AUDIODG.EXE
Token: SeRestorePrivilege	1956	7zG.exe
Token: 35	1956	7zG.exe
Token: SeSecurityPrivilege	1956	7zG.exe
Token: SeSecurityPrivilege	1956	7zG.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

7zG.exe

pid process

1956 7zG.exe

C:\Users\Admin\AppData\Local\Temp\v2.bin.exe
"C:\Users\Admin\AppData\Local\Temp\v2.bin.exe"
1⤵
PID:1944

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x580
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1840

C:\Users\Admin\AppData\Local\Temp\v2.bin.exe
"C:\Users\Admin\AppData\Local\Temp\v2.bin.exe"
1⤵
PID:1056

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\v2.bin\" -spe -an -ai#7zMap25282:92:7zEvent514
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1956

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1944-60-0x0000000076691000-0x0000000076693000-memory.dmp

Filesize
8KB

Download
memory/1956-62-0x000007FEFBFB1000-0x000007FEFBFB3000-memory.dmp

Filesize
8KB

Download