b71f0d651664ac404e2eb16bc6252bd56779dd31261d10f6a9b16897660d7a0b

Analysis

max time kernel
132s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 18:47

Target

b71f0d651664ac404e2eb16bc6252bd56779dd31261d10f6a9b16897660d7a0b.exe
Size

319KB
MD5

ccffbaabc6f8487815c9cf217d809da8
SHA1

366e38a8bea1921cfcf0a8a2db7e67223565018d
SHA256

b71f0d651664ac404e2eb16bc6252bd56779dd31261d10f6a9b16897660d7a0b
SHA512

7bfb67e159ddadd677b478b94003b25c5178e03a7969e688e578eaed0f37121ae64f7b789faecf7e4e57add8dd4786fc89680100a3f1a7371f0677a3400e0b32
SSDEEP

6144:OMrWPhZtFCFM5kjWD6m47ZCfW5+XKBZ34Xie3ovl7v/hxe:OMrWpZXCmaja6nlCKD34Xie3ovl7y

Score

9^/10

upx

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\dup2patcher.dll	acprotect

UPX packed file 3 IoCs

Detects executables packed with UPX/modified UPX open source packer.

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\dup2patcher.dll	upx
behavioral1/memory/1460-57-0x0000000075300000-0x00000000753A7000-memory.dmp	upx
behavioral1/memory/1460-59-0x0000000075300000-0x00000000753A7000-memory.dmp	upx

Loads dropped DLL 3 IoCs

Processes:

b71f0d651664ac404e2eb16bc6252bd56779dd31261d10f6a9b16897660d7a0b.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

b71f0d651664ac404e2eb16bc6252bd56779dd31261d10f6a9b16897660d7a0b.exe

pid process

1460 b71f0d651664ac404e2eb16bc6252bd56779dd31261d10f6a9b16897660d7a0b.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1232	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1232	AUDIODG.EXE
Token: 33	1232	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1232	AUDIODG.EXE

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1232

\Users\Admin\AppData\Local\Temp\C5E3399ED9A072FE864748D49BA96094.dll

Filesize
2KB

MD5
13249bc6aa781475cde4a1c90f95efd4

SHA1
0d8698befd283ca69d87ce44dad225ef792b06da

SHA256
3922a8c1b0f58b74fc3d89d7eec3fe5c5b0e8bda6b36491d2380431dd8e8284a

SHA512
aec8b793c4a1c9789af70fdaad3aa473a581585e8b76669d187cabe6c88363bacbed28200dd8f243f9dd50fc8fc27339f0e687341024d466a4d5078c28a768d2

Download Submit
\Users\Admin\AppData\Local\Temp\bassmod.dll

Filesize
9KB

MD5
780d14604d49e3c634200c523def8351

SHA1
e208ef6f421d2260070a9222f1f918f1de0a8eeb

SHA256
844eb66a10b848d3a71a8c63c35f0a01550a46d2ff8503e2ca8947978b03b4d2

SHA512
a49c030f11da8f0cdc4205c86bec00653ec2f8899983cad9d7195fd23255439291aaec5a7e128e1a103efd93b8566e86f15af89eba4efebf9debce14a7a5564b

Download Submit
\Users\Admin\AppData\Local\Temp\dup2patcher.dll

Filesize
65KB

MD5
ff268b07b5f1dc00651d4f9f500c17f2

SHA1
0019d00b43d499937a9ba569ad5ff262c9d0db01

SHA256
0b00f722f16b25bbd3dbaca8fe7b518d359dbf3a76bbb81aa345591d1367c506

SHA512
4cde10d808f52ad574c0639807b40389623d71cabf31fe368ae928887a99951132b14be3f394cebc158fe538df808118c61b2852178fd20a7de23604edfdfda8

Download Submit
memory/1460-55-0x0000000075D01000-0x0000000075D03000-memory.dmp

Filesize
8KB

Download
memory/1460-57-0x0000000075300000-0x00000000753A7000-memory.dmp

Filesize
668KB

Download
memory/1460-59-0x0000000075300000-0x00000000753A7000-memory.dmp

Filesize
668KB

Download