b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d

Analysis

max time kernel
81s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
19-09-2022 03:43

Target

b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d.dll
Size

296KB
MD5

3309f1f1b468748b8b85ec1cb911da6c
SHA1

479d9f3fd8afcda10f4a67d8f2aeb9257c3e6de7
SHA256

b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d
SHA512

8902fda07d16cf0d735fb23dc1803b8e306f2d00c6958cbeec29b8e721581d4240ba6313712ec204dd642fbe491b3aba37509165c1ef063a94b2d83b38df88c5
SSDEEP

6144:QlRc77+muzSa8ZkA9GopDyniu403dIhycW9:Qly77vuzSfNGoYn7X

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	964	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	964	AUDIODG.EXE
Token: 33	964	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	964	AUDIODG.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 368 wrote to memory of 908	368	rundll32.exe	27
PID 368 wrote to memory of 908	368	rundll32.exe	27
PID 368 wrote to memory of 908	368	rundll32.exe	27
PID 368 wrote to memory of 908	368	rundll32.exe	27
PID 368 wrote to memory of 908	368	rundll32.exe	27
PID 368 wrote to memory of 908	368	rundll32.exe	27
PID 368 wrote to memory of 908	368	rundll32.exe	27

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b94bd7ebab9c204302c17f8f8ce08d9d2865f4db9e4e4bc3fd8eec1b296b2b7d.dll,#1
  2⤵
  PID:908

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x574
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:964

memory/908-55-0x0000000075021000-0x0000000075023000-memory.dmp

Filesize
8KB

Download