Analysis
- max time kernel: 276s
- max time network: 273s
- platform: windows7_x64
- resource: win7v20210408
- submitted: 22-07-2021 09:06
Static task: static1
Behavioral task: behavioral1
- Sample: malware.js
- Resource: win7v20210408 (windows7_x64)
- 0 signatures, 0 seconds
Behavioral task: behavioral2
- Sample: malware.js
- Resource: win10v20210410 (windows10_x64)
- 0 signatures, 0 seconds
Errors
- Reason: Remote task has failed: Machine shutdown
General
- Target: malware.js
- Size: 2.5MB
- MD5: 225a48ccb2b802a184f1b820b8e5b2fa
- SHA1: ea938a6085dee9b1b5cee5120e02ef6de92548d1
- SHA256: 0d84a68609c35079af5c9f0b774b5ace4b2d9a698f5450d122f75b8c1355b002
- SHA512: be387a7cef1aedf6cc84b03875207f02a9e9033613c562cd08f0a4bc1fe9d5025f554b4d2de88a3aae754b3b309654a6435c998b239672b0924dae83bd4448fe
- Score: 1/10
Malware Config
(none extracted)
Signatures
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes:
  description                        pid   process
  Token: 33                          1096  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  1096  AUDIODG.EXE
  Token: 33                          1096  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  1096  AUDIODG.EXE
Processes
- C:\Windows\system32\wscript.exe
  Command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\malware.js
- C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x580
  Signatures: Suspicious use of AdjustPrivilegeToken
- C:\Windows\system32\LogonUI.exe
  Command line: "LogonUI.exe" /flags:0x0
- C:\Windows\system32\LogonUI.exe
  Command line: "LogonUI.exe" /flags:0x1