7eff736e2cd31d11dee6036387cf70e04e56ee99c79b555fa5b1e3b7ad530743 | Triage

Analysis

max time kernel
99s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-10-2022 13:24

Sharing

Report Analysis Logs

General

Target

三国志Ⅱ--霸王的大陆1.2/霸王的大陆.exe
Size

888KB
MD5

e2c99276e8ed99493489581a8783deeb
SHA1

551e1ad18a1b2b0e6eccb4038b07d211f6af9f87
SHA256

637872a9c3ffddd5f4170dfa196c215b8eb367fd0eb6615ffe001d0f9b25eeda
SHA512

cd3fdbbe3a2f25d9f71e17df081dbb58e324f59887698f3890edfd0dd0952f3cfb315eb53e5dc5c750c6813bff49bb8122748cbee3add0e71713efc1a867e336
SSDEEP

12288:VcVwvzfSz8K5JbAEypyBfLny1UgUdkN5Z4Pg6k83NsAtMOIIF+R:qXgwOPs9+1UCyEOIvR

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4896	霸王的大陆.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4752	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4752	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4896	霸王的大陆.exe
4896	霸王的大陆.exe
4896	霸王的大陆.exe

C:\Users\Admin\AppData\Local\Temp\三国志Ⅱ--霸王的大陆1.2\霸王的大陆.exe
"C:\Users\Admin\AppData\Local\Temp\三国志Ⅱ--霸王的大陆1.2\霸王的大陆.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4896

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4a4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4752

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads