0d84a68609c35079af5c9f0b774b5ace4b2d9a698f5450d122f75b8c1355b002 | Triage

Resubmissions

22-07-2021 09:06

210722-mfazrch462 1

22-07-2021 08:43

210722-38devfqqmn 1

Analysis

max time kernel
276s
max time network
273s
platform
windows7_x64
resource
win7v20210408
submitted
22-07-2021 09:06

Sharing

Reason

Remote task has failed: Machine shutdown

Report Analysis Logs

General

Target

malware.js
Size

2.5MB
MD5

225a48ccb2b802a184f1b820b8e5b2fa
SHA1

ea938a6085dee9b1b5cee5120e02ef6de92548d1
SHA256

0d84a68609c35079af5c9f0b774b5ace4b2d9a698f5450d122f75b8c1355b002
SHA512

be387a7cef1aedf6cc84b03875207f02a9e9033613c562cd08f0a4bc1fe9d5025f554b4d2de88a3aae754b3b309654a6435c998b239672b0924dae83bd4448fe

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1096	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1096	AUDIODG.EXE
Token: 33	1096	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1096	AUDIODG.EXE

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\malware.js
1⤵
PID:1796

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:472

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x580
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1096

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:596

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1752

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/472-60-0x000007FEFC381000-0x000007FEFC383000-memory.dmp

Filesize
8KB

Download
memory/596-62-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/1752-64-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download