9d6a780c9d7d1b3d95717fda1f4b388aef2d7282884b0c84714e3755dbabb71b | Triage

Resubmissions

26-09-2022 11:58

220926-n45j6safg8 8

26-09-2022 11:52

220926-n13leabhaq 8

28-08-2021 13:15

210828-154l63lwp2 10

Analysis

max time kernel
127s
max time network
76s
platform
windows7_x64
resource
win7v20210408
submitted
28-08-2021 13:15

Sharing

Report Analysis Logs

General

Target

gerjjkrkjjk33.exe
Size

492KB
MD5

e530cbe69e8f66f8a8560ad9f31bfdf3
SHA1

f72ca49a000436158abb13902e4b5a864729723a
SHA256

9d6a780c9d7d1b3d95717fda1f4b388aef2d7282884b0c84714e3755dbabb71b
SHA512

96d75cf5556c4f0ba356edbc62f60b81ee45347bd9a73a93553eba511af62b725f31cf2df3cb5530d6e50ce344dd41a7bf9adbf377627228166e718ee46d24af

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1848	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1848	AUDIODG.EXE
Token: 33	1848	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1848	AUDIODG.EXE

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

wmplayer.exe

description	pid	process	target process
PID 1704 wrote to memory of 1648	1704	wmplayer.exe	setup_wm.exe
PID 1704 wrote to memory of 1648	1704	wmplayer.exe	setup_wm.exe
PID 1704 wrote to memory of 1648	1704	wmplayer.exe	setup_wm.exe
PID 1704 wrote to memory of 1648	1704	wmplayer.exe	setup_wm.exe
PID 1704 wrote to memory of 1648	1704	wmplayer.exe	setup_wm.exe
PID 1704 wrote to memory of 1648	1704	wmplayer.exe	setup_wm.exe
PID 1704 wrote to memory of 1648	1704	wmplayer.exe	setup_wm.exe

C:\Users\Admin\AppData\Local\Temp\gerjjkrkjjk33.exe
"C:\Users\Admin\AppData\Local\Temp\gerjjkrkjjk33.exe"
1⤵
PID:1052

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
1⤵
- Suspicious use of WriteProcessMemory
PID:1704

C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
2⤵
PID:1648

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:752

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x59c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/752-63-0x000007FEFB681000-0x000007FEFB683000-memory.dmp

Filesize
8KB

Download
memory/1648-61-0x0000000000000000-mapping.dmp

Download
memory/1704-60-0x0000000074D91000-0x0000000074D93000-memory.dmp

Filesize
8KB

Download