e78c3eae3b918f5907509191d056fa3399a80569b2df444cea9d2b300d0e1a88

Analysis

max time kernel
150s
max time network
48s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
27/11/2022, 20:28

Target

e78c3eae3b918f5907509191d056fa3399a80569b2df444cea9d2b300d0e1a88.exe
Size

4.8MB
MD5

d00a6fed04caa1b64b9517b4e2f839bc
SHA1

0fbe9a10d64eed1a4ff1bfb0579c2455caf86f0b
SHA256

e78c3eae3b918f5907509191d056fa3399a80569b2df444cea9d2b300d0e1a88
SHA512

00885151dd93f5e8a51eac72e123881e87060918f629c26445434e8e26553296b179e6a22bc947e586e558b74cbb422523c9a825b7574d1387b4ba3138797206
SSDEEP

98304:hGZLHkj2ST8NM2iwUC6WVHammIvWpULoxa3o8uFSwSL829zSk7d3f:kTkb8NM2FUl8Has+UMbhMwSL82ckh3f

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2032	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2032	AUDIODG.EXE
Token: 33	2032	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2032	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1076	e78c3eae3b918f5907509191d056fa3399a80569b2df444cea9d2b300d0e1a88.exe
1076	e78c3eae3b918f5907509191d056fa3399a80569b2df444cea9d2b300d0e1a88.exe
1076	e78c3eae3b918f5907509191d056fa3399a80569b2df444cea9d2b300d0e1a88.exe

C:\Users\Admin\AppData\Local\Temp\e78c3eae3b918f5907509191d056fa3399a80569b2df444cea9d2b300d0e1a88.exe
"C:\Users\Admin\AppData\Local\Temp\e78c3eae3b918f5907509191d056fa3399a80569b2df444cea9d2b300d0e1a88.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1076

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1b4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2032

memory/1076-54-0x0000000075A11000-0x0000000075A13000-memory.dmp

Filesize
8KB

Download
memory/1076-55-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1076-56-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download