50a20d968ac12ec915b3d12d57feea7c8ce1cbc5e0ec79c678fe2194edd34d21

Analysis

max time kernel
1195s
max time network
1234s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
30-11-2022 21:25

Target

130fa3b3bbb84d762e74f602a67ef5d2f9aa949ee33dd8d23fefd1cf24d931b2.zip
Size

3.8MB
MD5

2663959af536f554600368ee077b33d3
SHA1

a7b08c5227420707681b8bfaf8ace4fe74137019
SHA256

130fa3b3bbb84d762e74f602a67ef5d2f9aa949ee33dd8d23fefd1cf24d931b2
SHA512

82639f5d787d5e9045170129cdb46768f77e0fb60c5f3e39ec7369e0acde705954157049e3428fbd57cf003b1fba1af0d427fe7467e81b6efe785f028432b921
SSDEEP

49152:DVufmPtxtvCJXroOVnQZkHhLjxVT0lb3vsd9vADDgSWOMsWKUo:YfAtxtve4ZMhLjXG7vIvADtilNo

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1404	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1404	AUDIODG.EXE
Token: 33	1404	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1404	AUDIODG.EXE

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\130fa3b3bbb84d762e74f602a67ef5d2f9aa949ee33dd8d23fefd1cf24d931b2.zip
1⤵
PID:1684

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x560
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1404