6ac7636066bda5b103e73d9e53fd9f5efb587163ebea6c48b3f9377ad28ceccb

Resubmissions

23/09/2022, 04:22

23/09/2022, 04:21

max time kernel
63s
max time network
70s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
23/09/2022, 04:22

Target

Spytify.exe
Size

1.1MB
MD5

ca40952963e976b10c6c6b0fbc4ba043
SHA1

fd7f3f42e0c94e5d3dc985c3aac9d6c2ac30073c
SHA256

6ac7636066bda5b103e73d9e53fd9f5efb587163ebea6c48b3f9377ad28ceccb
SHA512

8bca02789dae91fd04a26aa50f0abe192fb17d93d52d2e869bb9096b96895174985c4e28ef3da5ef90bc40da81011c24cce8c49b804bc2a6de943a9ad65cd647
SSDEEP

6144:lotULhuDrMhr/39FwChM+nwlowp7lwGJg0IbJ3oZZmRwisCi1BexJoCi1BaWJfu9:lowrnNFiEnVfJB2futUnCVNhlFpxjfr

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2012	1048	WerFault.exe	26

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1548	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1548	AUDIODG.EXE
Token: 33	1548	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1548	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1048 wrote to memory of 2012	1048	Spytify.exe	27
PID 1048 wrote to memory of 2012	1048	Spytify.exe	27
PID 1048 wrote to memory of 2012	1048	Spytify.exe	27

C:\Users\Admin\AppData\Local\Temp\Spytify.exe
"C:\Users\Admin\AppData\Local\Temp\Spytify.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1048
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1048 -s 520
  2⤵
  - Program crash
  PID:2012

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1548

memory/1048-54-0x0000000000CE0000-0x0000000000DF2000-memory.dmp

Filesize
1.1MB

Download
memory/1688-56-0x000007FEFBEE1000-0x000007FEFBEE3000-memory.dmp

Filesize
8KB

Download