9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45

Analysis

max time kernel
134s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 22:34

Target

9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45.exe
Size

385KB
MD5

96a0265622932a63fe62f5f31ea96c0a
SHA1

bb42058056e7abeb91b4ca8e18909f2e298a346e
SHA256

9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45
SHA512

95dfb181f0e69b4675d6de4c84467c10376a848c8d79be384125a34f3ec589b5e039b21aad99dcaa26a9ebccee88edeb09ba85e702cdba862ccc008b0ccaa044
SSDEEP

6144:2VH5sXKAzxdnAvJav5QraRwxE9NKoP8Unw9nwTWjPBeQIdehEt+5R0lDy7FnwuBt:YZVAFdAxaxsQwuLKokUGOSBeRyRPK0

Score

8^/10

upx

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral2/memory/4716-138-0x0000000000400000-0x00000000004CE000-memory.dmp	upx

Loads dropped DLL 1 IoCs

pid	Process
4508	9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4716 set thread context of 4508	4716	9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45.exe	84

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3652	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3652	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4508	9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45.exe
4508	9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45.exe

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 4508	4716	9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45.exe	84
PID 4716 wrote to memory of 4508	4716	9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45.exe	84
PID 4716 wrote to memory of 4508	4716	9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45.exe	84
PID 4716 wrote to memory of 4508	4716	9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45.exe	84
PID 4716 wrote to memory of 4508	4716	9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45.exe	84
PID 4716 wrote to memory of 4508	4716	9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45.exe	84
PID 4716 wrote to memory of 4508	4716	9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45.exe	84
PID 4716 wrote to memory of 4508	4716	9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45.exe	84
PID 4716 wrote to memory of 4508	4716	9660c1c4c2e617cdc5af6a7cc6b259b8383caa26f1871a80ec4fb08cd6564c45.exe	84

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3652

C:\Users\Admin\AppData\Local\Temp\bmEE3D.tmp

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
memory/4508-133-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4508-134-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4508-136-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4508-135-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4508-139-0x0000000000400000-0x0000000000442000-memory.dmp

Filesize
264KB

Download
memory/4508-143-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/4716-138-0x0000000000400000-0x00000000004CE000-memory.dmp

Filesize
824KB

Download
memory/4716-141-0x0000000000550000-0x0000000000555000-memory.dmp

Filesize
20KB

Download
memory/4716-140-0x0000000002110000-0x0000000002151000-memory.dmp

Filesize
260KB

Download