Analysis
Max time kernel: 1195s
Max time network: 1234s
Platform: windows7_x64
Resource: win7-20221111-en
Resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
Submitted: 30-11-2022 21:25
Behavioral task: behavioral1
Sample: 130fa3b3bbb84d762e74f602a67ef5d2f9aa949ee33dd8d23fefd1cf24d931b2.zip
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: 130fa3b3bbb84d762e74f602a67ef5d2f9aa949ee33dd8d23fefd1cf24d931b2.zip
Resource: win10v2004-20221111-en
General
Target: 130fa3b3bbb84d762e74f602a67ef5d2f9aa949ee33dd8d23fefd1cf24d931b2.zip
Size: 3.8MB
MD5: 2663959af536f554600368ee077b33d3
SHA1: a7b08c5227420707681b8bfaf8ace4fe74137019
SHA256: 130fa3b3bbb84d762e74f602a67ef5d2f9aa949ee33dd8d23fefd1cf24d931b2
SHA512: 82639f5d787d5e9045170129cdb46768f77e0fb60c5f3e39ec7369e0acde705954157049e3428fbd57cf003b1fba1af0d427fe7467e81b6efe785f028432b921
SSDEEP: 49152:DVufmPtxtvCJXroOVnQZkHhLjxVT0lb3vsd9vADDgSWOMsWKUo:YfAtxtve4ZMhLjXG7vIvADtilNo
Malware Config

Signatures
Suspicious use of AdjustPrivilegeToken (4 IoCs)
Processes:
description                         pid   process
Token: 33                           1404  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege   1404  AUDIODG.EXE
Token: 33                           1404  AUDIODG.EXE
Token: SeIncBasePriorityPrivilege   1404  AUDIODG.EXE
Processes
C:\Windows\Explorer.exe
  Command line: C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\130fa3b3bbb84d762e74f602a67ef5d2f9aa949ee33dd8d23fefd1cf24d931b2.zip

C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x560
  Signature: Suspicious use of AdjustPrivilegeToken