34e7e4c41131cc4796be46597211929b8cac034be14786c403fa8288830731b0 | Triage

Analysis

max time kernel
441s
max time network
412s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
18/10/2022, 00:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

print.exe
Size

23KB
MD5

9f5a47cea02a572bef79636ac0959179
SHA1

7d4e020e9f941d1c55dbc5bff7fa4fb6bd44cc55
SHA256

34e7e4c41131cc4796be46597211929b8cac034be14786c403fa8288830731b0
SHA512

751b135dde8be097365f5c38914eb8462ace7a7303ce512065a62f21f601e0a060b546e18436007c5ee284f92a492b7b6b131dd1d2ad9eee78bcb13be5c0ab29
SSDEEP

384:XXt2/kCoQJaVpnWZcHuk6r9YvrLEtThmN:Xd2/zJ4n/Hux9Yv+m

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1408	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1408	AUDIODG.EXE
Token: 33	1408	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1408	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\print.exe
"C:\Users\Admin\AppData\Local\Temp\print.exe"
1⤵
PID:2040

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1580

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5a4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1408

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1580-54-0x000007FEFBB81000-0x000007FEFBB83000-memory.dmp

Filesize
8KB

Download