Resubmissions
11-04-2024 17:53
240411-wgrc2agf82 1011-04-2024 17:50
240411-weydkagf52 1007-03-2024 21:32
240307-1d2rtafd3x 1005-03-2024 03:22
240305-dw4ykadb7x 1026-02-2024 08:40
240226-klbmlahd92 1025-01-2024 23:42
240125-3p3jlaagej 1010-10-2023 00:01
231010-aaxetahb7s 1014-07-2023 13:07
230714-qc385seh7w 1011-07-2023 13:35
230711-qv314aad81 10Analysis
-
max time kernel
145s -
max time network
127s -
platform
windows7_x64 -
resource
win7v20210408 -
submitted
06-05-2021 13:32
Static task
static1
Behavioral task
behavioral1
Sample
v2.bin.exe
Resource
win7v20210408
windows7_x64
0 signatures
0 seconds
Behavioral task
behavioral2
Sample
v2.bin.exe
Resource
win10v20210410
windows10_x64
0 signatures
0 seconds
General
-
Target
v2.bin.exe
-
Size
121KB
-
MD5
944ed18066724dc6ca3fb3d72e4b9bdf
-
SHA1
1a19c8793cd783a5bb89777f5bc09e580f97ce29
-
SHA256
74ce1be7fe32869dbbfe599d7992c306a7ee693eb517924135975daa64a3a92f
-
SHA512
a4d23cba68205350ae58920479cb52836f9c6dac20d1634993f3758a1e5866f40b0296226341958d1200e1fcd292b8138c41a9ed8911d7abeaa223a06bfe4ad3
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 8 IoCs
Processes:
AUDIODG.EXE7zG.exedescription pid process Token: 33 1840 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1840 AUDIODG.EXE Token: 33 1840 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1840 AUDIODG.EXE Token: SeRestorePrivilege 1956 7zG.exe Token: 35 1956 7zG.exe Token: SeSecurityPrivilege 1956 7zG.exe Token: SeSecurityPrivilege 1956 7zG.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
7zG.exepid process 1956 7zG.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\v2.bin.exe"C:\Users\Admin\AppData\Local\Temp\v2.bin.exe"1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5801⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\v2.bin.exe"C:\Users\Admin\AppData\Local\Temp\v2.bin.exe"1⤵
-
C:\Program Files\7-Zip\7zG.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Temp\v2.bin\" -spe -an -ai#7zMap25282:92:7zEvent5141⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow