8a105c940cebbaf52f2cf2db8a4eaae547d08631c1f335bd9c5ef30c35f8970d

Analysis

max time kernel
65s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
02/12/2022, 23:01

Target

8a105c940cebbaf52f2cf2db8a4eaae547d08631c1f335bd9c5ef30c35f8970d.dll
Size

336KB
MD5

7f773a696966170f48a4f1400771d0a9
SHA1

5fd87624b83077607847a0a2f3e6acf350db8d25
SHA256

8a105c940cebbaf52f2cf2db8a4eaae547d08631c1f335bd9c5ef30c35f8970d
SHA512

b6caf9fed3e1a2750b99105893b8ec9b1d8de17b3c9e5432d92e4a969ac81971ab1f290fb323ea817f68d2c4723847ddbfd496b946245cc9935d179854da403e
SSDEEP

6144:jm4oIa8Ik5u0/EqPAHQes1gP89l9xMVZ+9+JFw:jVtaPksNqPAHY1FxMe+U

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1936	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1936	AUDIODG.EXE
Token: 33	1936	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1936	AUDIODG.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26
PID 1348 wrote to memory of 1372	1348	rundll32.exe	26

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a105c940cebbaf52f2cf2db8a4eaae547d08631c1f335bd9c5ef30c35f8970d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1348
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a105c940cebbaf52f2cf2db8a4eaae547d08631c1f335bd9c5ef30c35f8970d.dll,#1
  2⤵
  PID:1372

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x47c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1936

memory/1372-55-0x00000000750A1000-0x00000000750A3000-memory.dmp

Filesize
8KB

Download