9d6a780c9d7d1b3d95717fda1f4b388aef2d7282884b0c84714e3755dbabb71b | Triage

Resubmissions

26/09/2022, 11:58

220926-n45j6safg8 8

26/09/2022, 11:52

220926-n13leabhaq 8

28/08/2021, 13:15

210828-154l63lwp2 10

Analysis

max time kernel
127s
max time network
76s
platform
windows7_x64
resource
win7v20210408
submitted
28/08/2021, 13:15

Sharing

Report Analysis Logs

General

Target

gerjjkrkjjk33.exe
Size

492KB
MD5

e530cbe69e8f66f8a8560ad9f31bfdf3
SHA1

f72ca49a000436158abb13902e4b5a864729723a
SHA256

9d6a780c9d7d1b3d95717fda1f4b388aef2d7282884b0c84714e3755dbabb71b
SHA512

96d75cf5556c4f0ba356edbc62f60b81ee45347bd9a73a93553eba511af62b725f31cf2df3cb5530d6e50ce344dd41a7bf9adbf377627228166e718ee46d24af

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1848	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1848	AUDIODG.EXE
Token: 33	1848	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1848	AUDIODG.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 1648	1704	wmplayer.exe	31
PID 1704 wrote to memory of 1648	1704	wmplayer.exe	31
PID 1704 wrote to memory of 1648	1704	wmplayer.exe	31
PID 1704 wrote to memory of 1648	1704	wmplayer.exe	31
PID 1704 wrote to memory of 1648	1704	wmplayer.exe	31
PID 1704 wrote to memory of 1648	1704	wmplayer.exe	31
PID 1704 wrote to memory of 1648	1704	wmplayer.exe	31

C:\Users\Admin\AppData\Local\Temp\gerjjkrkjjk33.exe
"C:\Users\Admin\AppData\Local\Temp\gerjjkrkjjk33.exe"
1⤵
PID:1052

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
1⤵
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:1
  2⤵
  PID:1648

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:752

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x59c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1848

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/752-63-0x000007FEFB681000-0x000007FEFB683000-memory.dmp

Filesize
8KB

Download
memory/1704-60-0x0000000074D91000-0x0000000074D93000-memory.dmp

Filesize
8KB

Download