Overview

Task                               Platform             Score
Overview (overview)                -                    10
Static (static)                    -                    10
Channel.url (behavioral1)          windows7_x64         6
Channel.url (behavioral2)          windows10-2004_x64   6
Robot.url (behavioral3)            windows7_x64         6
Robot.url (behavioral4)            windows10-2004_x64   3
Thanks.vbs (behavioral5)           windows7_x64         1
Thanks.vbs (behavioral6)           windows10-2004_x64   1
Trinity to...ls.exe (behavioral7)  windows7_x64         10
Trinity to...ls.exe (behavioral8)  windows10-2004_x64   1
Web.url (behavioral9)              windows7_x64         6
Web.url (behavioral10)             windows10-2004_x64   6

Analysis
- max time kernel: 2s
- max time network: 42s
- platform: windows7_x64
- resource: win7-20220414-en
- submitted: 24-05-2022 17:42
Static task: static1
Behavioral task behavioral1: Sample Channel.url, Resource win7-20220414-en
Behavioral task behavioral2: Sample Channel.url, Resource win10v2004-20220414-en
Behavioral task behavioral3: Sample Robot.url, Resource win7-20220414-en
Behavioral task behavioral4: Sample Robot.url, Resource win10v2004-20220414-en
Behavioral task behavioral5: Sample Thanks.vbs, Resource win7-20220414-en
Behavioral task behavioral6: Sample Thanks.vbs, Resource win10v2004-20220414-en
Behavioral task behavioral7: Sample Trinity tools/Trinity tools.exe, Resource win7-20220414-en
Behavioral task behavioral8: Sample Trinity tools/Trinity tools.exe, Resource win10v2004-20220414-en
Behavioral task behavioral9: Sample Web.url, Resource win7-20220414-en
Behavioral task behavioral10: Sample Web.url, Resource win10v2004-20220414-en
General
This page is the per-task report for Thanks.vbs run on windows7_x64 with resource win7-20220414-en (behavioral5 in the task list). The hashes below identify that file.
- Target: Thanks.vbs
- Size: 1 KB
- MD5: 7d25b62d12494679ab5a8c8e0314bbc9
- SHA1: 1f127c1afe2f8d7ea39c2e9c8d3b505306c72364
- SHA256: d707f9bcc12de7c30e61d7796a4681056ebbff7fe25d5276e05edf02859fd39a
- SHA512: 511968294dbb3018a7e97212997de9acd5389c2798eb6b3c509bce3f0d2b99d98c512632fe8a61a8b0cae81cd3da649f273fa1e08309d4708c0ba29324a0c667
Malware Config (section is empty in this report)
Signatures
- Suspicious use of AdjustPrivilegeToken (2 IoCs)
  Process: AUDIODG.EXE
  description                          pid    process
  Token: 33                            1348   AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege    1348   AUDIODG.EXE
  Both hits come from AUDIODG.EXE (Windows Audio Device Graph Isolation), PID 1348, which appears in the process list as a top-level host process rather than as a descendant of the WScript.exe instance interpreting Thanks.vbs. A service process enabling privileges on its own token is consistent with that service's normal operation and is not evidence of activity by the sample. The first row names the privilege only by number; assuming the report prints the privilege LUID, 33 is SE_INC_WORKING_SET_PRIVILEGE (SeIncreaseWorkingSetPrivilege) in winnt.h.
Processes
- C:\Windows\System32\WScript.exe (PID 376, level 1)
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Thanks.vbs"
  - C:\Windows\System32\notepad.exe (PID 1448, level 2, child of PID 376)
    "C:\Windows\System32\notepad.exe"
- C:\Windows\SysWOW64\DllHost.exe (PID 1324, level 1)
  C:\Windows\SysWOW64\DllHost.exe /Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}
- C:\Windows\system32\AUDIODG.EXE (PID 1348, level 1)
  C:\Windows\system32\AUDIODG.EXE 0x50c
  Signature: Suspicious use of AdjustPrivilegeToken

The only activity attributable to the sample is the script host, WScript.exe (PID 376), interpreting Thanks.vbs and starting notepad.exe (PID 1448). DllHost.exe and AUDIODG.EXE are separate level-1 processes with no parent in the sample's tree, so the single signature hit belongs to host background activity, consistent with the score of 1 recorded for this task.
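The check a practitioner wants to make on a report like this is whether a signature hit belongs to the sample's own process lineage or to host background noise. The script below is an added example, not part of the sandbox report or its tooling: it rebuilds the process tree from the flattened report lines (where the image path is glued to the command line and the "N⤵" marker gives the tree depth), collects the lineage of every process whose command line names the sample, and tags each signature hit accordingly. The input lists are constructed copies of the four process entries and two signature rows shown above; the sample name, PIDs and parsing format are assumptions taken from this page's layout.

```python
"""Rebuild a flattened sandbox process tree and test which signature hits
belong to the sample's own process lineage (added example, not report code)."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed from the report's Processes section: "<image><cmdline><depth>⤵PID:<pid>".
PROCESS_LINES = [
    'C:\\Windows\\System32\\WScript.exe"C:\\Windows\\System32\\WScript.exe" '
    '"C:\\Users\\Admin\\AppData\\Local\\Temp\\Thanks.vbs"1⤵PID:376',
    'C:\\Windows\\System32\\notepad.exe"C:\\Windows\\System32\\notepad.exe"2⤵PID:1448',
    'C:\\Windows\\SysWOW64\\DllHost.exeC:\\Windows\\SysWOW64\\DllHost.exe '
    '/Processid:{3F6B5E16-092A-41ED-930B-0B4125D91D4E}1⤵PID:1324',
    'C:\\Windows\\system32\\AUDIODG.EXEC:\\Windows\\system32\\AUDIODG.EXE 0x50c1⤵PID:1348',
]

# Constructed from the report's Signatures table: (signature, description, pid, process).
SIGNATURE_HITS = [
    ("Suspicious use of AdjustPrivilegeToken", "Token: 33", 1348, "AUDIODG.EXE"),
    ("Suspicious use of AdjustPrivilegeToken", "Token: SeIncBasePriorityPrivilege", 1348, "AUDIODG.EXE"),
]


@dataclass
class Proc:
    pid: int
    image: str
    cmdline: str
    depth: int
    parent: Optional[int] = None          # parent PID; None for a tree root
    children: list = field(default_factory=list)


# The image path is glued to the command line and the depth digit to its end,
# so anchor on the first ".exe" and on the trailing "<depth>⤵PID:<pid>".
LINE_RE = re.compile(
    r'^(?P<image>[A-Za-z]:\\[^"]*?\.(?:exe|EXE))'
    r'(?P<cmdline>.*?)'
    r'(?P<depth>\d+)⤵PID:(?P<pid>\d+)$'
)


def parse_process_lines(lines):
    """Rebuild the tree: a process at depth d is a child of the most recent
    process seen at depth d-1 (the order of the report lines is significant)."""
    procs = []
    latest_at_depth = {}
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if m is None:
            raise ValueError(f"unparseable process line: {raw!r}")
        proc = Proc(pid=int(m["pid"]), image=m["image"],
                    cmdline=m["cmdline"].strip(), depth=int(m["depth"]))
        parent = latest_at_depth.get(proc.depth - 1)
        if parent is not None:
            proc.parent = parent.pid
            parent.children.append(proc)
        # Anything deeper than this node can no longer be a parent of later nodes.
        for d in [d for d in latest_at_depth if d > proc.depth]:
            del latest_at_depth[d]
        latest_at_depth[proc.depth] = proc
        procs.append(proc)
    return procs


def sample_lineage(procs, sample_name):
    """PIDs of every process whose command line names the sample, plus all
    of their descendants: the only activity the sample can be blamed for."""
    lineage = set()
    stack = [p for p in procs if sample_name.lower() in p.cmdline.lower()]
    while stack:
        proc = stack.pop()
        if proc.pid in lineage:
            continue
        lineage.add(proc.pid)
        stack.extend(proc.children)
    return lineage


def classify_hits(procs, hits, sample_name):
    """Tag each signature hit with whether its PID sits inside the sample lineage."""
    lineage = sample_lineage(procs, sample_name)
    return [(sig, detail, pid, pid in lineage) for sig, detail, pid, _image in hits]


if __name__ == "__main__":
    tree = parse_process_lines(PROCESS_LINES)
    for p in tree:
        print("  " * (p.depth - 1) + f"{p.image} (PID {p.pid}, parent {p.parent})")
    for sig, detail, pid, inside in classify_hits(tree, SIGNATURE_HITS, "Thanks.vbs"):
        where = "inside sample lineage" if inside else "outside sample lineage (host background)"
        print(f"{sig} [{detail}] PID {pid}: {where}")
```

Run on the report's own entries, the tree comes back as WScript.exe (376) with notepad.exe (1448) beneath it and DllHost.exe (1324) and AUDIODG.EXE (1348) as separate roots, and both AdjustPrivilegeToken rows are flagged as outside the sample lineage. The lineage test is deliberately keyed on the command line naming the sample rather than on the script host's image name, so the same check works for a sample dropped by a loader and executed under a different host process.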