Analysis
max time kernel: 44s
max time network: 50s
platform: windows7_x64
resource: win7-20220901-en
resource tags: arch:x64, arch:x86, image:win7-20220901-en, locale:en-us, os:windows7-x64, system
submitted: 26-11-2022 23:46
Static task: static1
Behavioral task: behavioral1
Sample: 54538345681f03dfee0439fe6a48152b0684c049efa1db121c026be37e056af1.rar
Resource: win7-20220812-en
Behavioral task: behavioral2
Sample: 54538345681f03dfee0439fe6a48152b0684c049efa1db121c026be37e056af1.rar
Resource: win10v2004-20220812-en
Behavioral task: behavioral3
Sample: IDM 6.21 Build 17/Patch/1.internet.download.manager.v6-patch.exe
Resource: win7-20220901-en
Behavioral task: behavioral4
Sample: IDM 6.21 Build 17/Patch/1.internet.download.manager.v6-patch.exe
Resource: win10v2004-20220812-en
Behavioral task: behavioral5
Sample: IDM 6.21 Build 17/idman621build17.exe
Resource: win7-20220812-en
Behavioral task: behavioral6
Sample: IDM 6.21 Build 17/idman621build17.exe
Resource: win10v2004-20220901-en
General
Target: IDM 6.21 Build 17/Patch/1.internet.download.manager.v6-patch.exe
Size: 201KB
MD5: 26c455a7211b88c0dbea04c33f7bd9aa
SHA1: 5f4a63563c33d9569c70cc828b97a852008d2c7f
SHA256: af57d588d5b5ef9ac84b51df745f628e5e4bd998ddd4e4a301074e77fd8c632a
SHA512: ea4a8716f1c6779525be01d2104a24e25c327e5606b3e0aa79dcbac2007c98016d2529f3ef66ced10711a0d96453df26f81f2721aebd2f77d2e580fc16524ebd
SSDEEP: 3072:hqT1m55Hm9fxaGOyWLVjXEECCE8DHe7YcDoX:h41qkqEcHeZY
Malware Config
Signatures
Loads dropped DLL (2 IoCs)
Processes (pid, process):
1492 1.internet.download.manager.v6-patch.exe
1492 1.internet.download.manager.v6-patch.exe
Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes (description, pid, process):
Token: 33 1776 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 1776 AUDIODG.EXE
Token: 33 1776 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 1776 AUDIODG.EXE
Processes
C:\Users\Admin\AppData\Local\Temp\IDM 6.21 Build 17\Patch\1.internet.download.manager.v6-patch.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\IDM 6.21 Build 17\Patch\1.internet.download.manager.v6-patch.exe"
PID: 1492
Signatures: Loads dropped DLL
C:\Windows\system32\AUDIODG.EXE
Command line: C:\Windows\system32\AUDIODG.EXE 0x568
PID: 1776
Signatures: Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix
Downloads
\Users\Admin\AppData\Local\Temp\bassmod.dll
Filesize: 9KB
MD5: 780d14604d49e3c634200c523def8351
SHA1: e208ef6f421d2260070a9222f1f918f1de0a8eeb
SHA256: 844eb66a10b848d3a71a8c63c35f0a01550a46d2ff8503e2ca8947978b03b4d2
SHA512: a49c030f11da8f0cdc4205c86bec00653ec2f8899983cad9d7195fd23255439291aaec5a7e128e1a103efd93b8566e86f15af89eba4efebf9debce14a7a5564b
\Users\Admin\AppData\Local\Temp\dup2patcher.dll
Filesize: 115KB
MD5: cd81d44f0a4a4ac1b6147ce47a3fef16
SHA1: 7f96393f401590f2e52a02eac4aa8237cda8a76d
SHA256: 8a30160baae13796259accad7e20909db2688b421c5e51aaf79492c620f53552
SHA512: 142f5f41ab82de04930e2b8c70fb2211d65c3457240eadc57b3aefa9b6a445b9b5b6f132d5578e1342729b724764b9190d36b3e40016a1812caaefc6fdb79582
memory/1492-55-0x0000000076BA1000-0x0000000076BA3000-memory.dmp
Filesize: 8KB
memory/1492-57-0x0000000075450000-0x000000007555A000-memory.dmp
Filesize: 1.0MB
memory/1492-58-0x0000000075450000-0x000000007555A000-memory.dmp
Filesize: 1.0MB