Analysis
-
max time kernel
45s -
max time network
48s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system -
submitted
31/10/2022, 22:06
Static task
static1
Behavioral task
behavioral1
Sample
decf97328f90ad3a5d14853159b3e01b7f847a2c01f025545e5eed8a0327ef7b.exe
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
decf97328f90ad3a5d14853159b3e01b7f847a2c01f025545e5eed8a0327ef7b.exe
Resource
win10v2004-20220901-en
General
-
Target
decf97328f90ad3a5d14853159b3e01b7f847a2c01f025545e5eed8a0327ef7b.exe
-
Size
1.3MB
-
MD5
c62d9205946f3e34766b619346801889
-
SHA1
c5505fdcaec7d6241881452f31b8a16ce3203bef
-
SHA256
decf97328f90ad3a5d14853159b3e01b7f847a2c01f025545e5eed8a0327ef7b
-
SHA512
4656893b95f660e718cb4f8c03e4efc261c9188e54c4d4dee9e9770cf2d11787148f009acff15a2c73b51819bd7ea1eedb1561585265bfd96e9fb9a9d9248ae7
-
SSDEEP
24576:kdOhBgDMN++uUViQAih7qtWa5sMjbNvzyFDkmN224BY/0jdYdt:kd2d++uwAw7WiMX1mNt4Xedt
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process Token: 33 1748 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1748 AUDIODG.EXE Token: 33 1748 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1748 AUDIODG.EXE -
Suspicious use of SetWindowsHookEx 3 IoCs
pid Process 1848 decf97328f90ad3a5d14853159b3e01b7f847a2c01f025545e5eed8a0327ef7b.exe 1848 decf97328f90ad3a5d14853159b3e01b7f847a2c01f025545e5eed8a0327ef7b.exe 1848 decf97328f90ad3a5d14853159b3e01b7f847a2c01f025545e5eed8a0327ef7b.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\decf97328f90ad3a5d14853159b3e01b7f847a2c01f025545e5eed8a0327ef7b.exe"C:\Users\Admin\AppData\Local\Temp\decf97328f90ad3a5d14853159b3e01b7f847a2c01f025545e5eed8a0327ef7b.exe"1⤵
- Suspicious use of SetWindowsHookEx
PID:1848
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x26c1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1748