cb1fa16f15aaef090a93ee7924607781bca317857aee6ef9e0a1fe34e3b38b5f | Triage

Analysis

max time kernel
48s
max time network
54s
platform
windows7_x64
resource
win7v20210408
submitted
27-06-2021 01:22

Sharing

Report Analysis Logs

General

Target

Turtlee.games/Turtlee.games.exe
Size

2.0MB
MD5

9c05c0081959c49e9a4f117f95aaf326
SHA1

1872b4c0f35c439a54d99b36fc476acb2e0b1e87
SHA256

b5d8aefa3a39ccbff01ce2e1ca76706a9b11415807e531f8f903f35e20622b65
SHA512

eb21a451484252b2de78614a0eaf70db23ff6c7e0b813ffdd1c331c58accdd188043fc7ce6d3fac0a574c6f40674c6b336bfb09f80a49832a834865dba8273d3

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1188	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1188	AUDIODG.EXE
Token: 33	1188	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1188	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\Turtlee.games\Turtlee.games.exe
"C:\Users\Admin\AppData\Local\Temp\Turtlee.games\Turtlee.games.exe"
1⤵
PID:1628

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1372

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1188

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1372-60-0x000007FEFC031000-0x000007FEFC033000-memory.dmp

Filesize
8KB

Download