Analysis
max time kernel: 91s
max time network: 156s
platform: windows10-2004_x64
resource: win10v2004-20220901-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29-11-2022 14:16
Behavioral task: behavioral1
Sample: KeyGen.exe
Resource: win7-20220812-en

Behavioral task: behavioral2
Sample: KeyGen.exe
Resource: win10v2004-20220901-en

Behavioral task: behavioral3
Sample: rBot.exe
Resource: win7-20220812-en

Behavioral task: behavioral4
Sample: rBot.exe
Resource: win10v2004-20221111-en
General
Target: KeyGen.exe
Size: 186KB
MD5: 29d2c757af7ba64a25723237fc369bff
SHA1: d572444d3413fa4a21c60953421811d4fbade9bc
SHA256: 94d9217e5fd906ef53d647be5ae31a961de5bf4287796f49b89aa209397178da
SHA512: 8f3c4cc8df18bc7ad239144c3c7ac12bf20fb88a8dfc9c14e1afcd040f477150644201a27d91ce66000814464caf0e1e8ee91ee3024d20d37e8e1c3a490efa75
SSDEEP: 3072:CeNO7WXiJpad7gzeu2oBq+nZvGEzrjonA2PXF+NUBfw3FfJRiNHDTyIlzK2txj8m:Ceog4p6giMBp0EUXfd0QNjTyIl9th
Malware Config
Signatures
Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes: AUDIODG.EXE
description                          pid    process
Token: 33                            4596   AUDIODG.EXE
Token: SeIncBasePriorityPrivilege    4596   AUDIODG.EXE