4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77

Analysis

max time kernel
84s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
10/09/2022, 09:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
Size

3.2MB
MD5

4bc5c66e4e6e8315137d27a02535c544
SHA1

85f88059177c696982345165b6ad0e3bc1c1cab9
SHA256

4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77
SHA512

a118f3722cacfa9c13770d4939899705b13bdedb29ae615be25c08cd39364333eba1537e2dc1971591b10a259d50cddbc28a4fe28951f12220720b68c32fee0a
SSDEEP

49152:iGkwn5mqQrNOQwIeuKx+KkXuy62XVD/tl6HWw4uA0cYG7:iGElrNSIRKhy62lD/tpw1

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\Severus.dll	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\SysWOW64\Severus.dll	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe

Drops file in Windows directory 49 IoCs

description	ioc	Process
File created	C:\Windows\fish5.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish7.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish8.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish14.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\BackGround0.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish1.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish2.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish2.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish18.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\DiXing.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish5.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish15.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish13.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish19.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish0.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish6.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish6.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish10.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish17.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish17.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\DiXing.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish1.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish9.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish12.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish15.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish19.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\HerosSet.ini	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\Particle1.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\Music.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish7.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish11.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish12.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish18.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\BackGround0.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish4.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish10.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish11.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\Particle1.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\Music.wav	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish0.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish3.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish8.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish9.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish16.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish16.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish3.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish4.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File created	C:\Windows\fish13.bmp	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
File opened for modification	C:\Windows\fish14.ad	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3136	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3136	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
796	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
796	4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe

C:\Users\Admin\AppData\Local\Temp\4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe
"C:\Users\Admin\AppData\Local\Temp\4de05e98d67df2da53d778b229855a7f8990dbf94c984dcecfa5e7eb6989cd77.exe"
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:796

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x414 0x380
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3136

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads