a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db

Analysis

max time kernel
500s
max time network
433s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
21/09/2022, 16:12 UTC

Target

builder.exe
Size

469KB
MD5

c2bc344f6dde0573ea9acdfb6698bf4c
SHA1

d6ae7dc2462c8c35c4a074b0a62f07cfef873c77
SHA256

a736269f5f3a9f2e11dd776e352e1801bc28bb699e47876784b8ef761e0062db
SHA512

d60cf86c0267cd4e88d21768665bbb43f3048dace1e0013b2361c5bfabf2656ff6215dfb75b6932e09545473305b4f707c069721cdde317b1df1709cd9fc61c0
SSDEEP

12288:CzVXpdg/1MB94JD7RfaVT1hG98P67PNV3giFH6J1VjR3L6dpbQrQyEpInmwuRUfB:CzxjgdRpBq1hG98P67PNV3giFH6J1Vjn

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1040	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1040	AUDIODG.EXE
Token: 33	1040	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1040	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\builder.exe
"C:\Users\Admin\AppData\Local\Temp\builder.exe"
1⤵
PID:1132

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5a4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1040

memory/1132-54-0x0000000075931000-0x0000000075933000-memory.dmp

Filesize
8KB

Download
memory/1700-55-0x000007FEFBC41000-0x000007FEFBC43000-memory.dmp

Filesize
8KB

Download