a4c64cbe15c72d6a0a3a7717af4f73a30b28a9d6f4edb7336d1ddc9b1ecdc17e

Analysis

max time kernel
91s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 18:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a4c64cbe15c72d6a0a3a7717af4f73a30b28a9d6f4edb7336d1ddc9b1ecdc17e.exe
Size

2.1MB
MD5

74c1539a034ee3fdf4f9d027b1072e76
SHA1

9fa71f7cdd26ad98caa8dc5fac1ae839fa423403
SHA256

a4c64cbe15c72d6a0a3a7717af4f73a30b28a9d6f4edb7336d1ddc9b1ecdc17e
SHA512

ac78f4785b9fd7fe8cbb6b6f1dd69a3789ece18692efecb8adb3ef6558cc6e3769896b5494c8e38ba83566856ce93a4e210fc776ef2638d7ce3e2dad87275a72
SSDEEP

24576:mympzbzcz6b9OBnJTyF2fkJZc0zABlhARAR59Y5ZyXrZP+5zhKi50hwhitrstghm:78vB5IobZ6lhAtHyXkn8AgbAF

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	a4c64cbe15c72d6a0a3a7717af4f73a30b28a9d6f4edb7336d1ddc9b1ecdc17e.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	a4c64cbe15c72d6a0a3a7717af4f73a30b28a9d6f4edb7336d1ddc9b1ecdc17e.exe
Key value enumerated	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	a4c64cbe15c72d6a0a3a7717af4f73a30b28a9d6f4edb7336d1ddc9b1ecdc17e.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3124	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3124	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
5060	a4c64cbe15c72d6a0a3a7717af4f73a30b28a9d6f4edb7336d1ddc9b1ecdc17e.exe
5060	a4c64cbe15c72d6a0a3a7717af4f73a30b28a9d6f4edb7336d1ddc9b1ecdc17e.exe
5060	a4c64cbe15c72d6a0a3a7717af4f73a30b28a9d6f4edb7336d1ddc9b1ecdc17e.exe
5060	a4c64cbe15c72d6a0a3a7717af4f73a30b28a9d6f4edb7336d1ddc9b1ecdc17e.exe
5060	a4c64cbe15c72d6a0a3a7717af4f73a30b28a9d6f4edb7336d1ddc9b1ecdc17e.exe

C:\Users\Admin\AppData\Local\Temp\a4c64cbe15c72d6a0a3a7717af4f73a30b28a9d6f4edb7336d1ddc9b1ecdc17e.exe
"C:\Users\Admin\AppData\Local\Temp\a4c64cbe15c72d6a0a3a7717af4f73a30b28a9d6f4edb7336d1ddc9b1ecdc17e.exe"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:5060

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x46c 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3124

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads