9003242bfd5b42070db0df711c24b77ed44d5d0c82790c5f87242d665b36c511

Analysis

max time kernel
19s
max time network
49s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 06:41

Target

9003242bfd5b42070db0df711c24b77ed44d5d0c82790c5f87242d665b36c511.exe
Size

186KB
MD5

4f575125dc20f95c4f7c8ad860a9e630
SHA1

5e30497a545816d8ce81688bc48717f10e14759a
SHA256

9003242bfd5b42070db0df711c24b77ed44d5d0c82790c5f87242d665b36c511
SHA512

1c751d4fc7709213cc613efceb7b9ed1341e33054e448e629db0b244264ed5bef3083aaa35a19ebf8803a4b0f201c7230be81c30a8ed2a2c75fad8a9a1410d72
SSDEEP

3072:wu1F4QA4nDbfagCqKZk5yY/SKn+ktgWh8NNV/xzzdzQNjVCycgT6WXYt5/hxAwAX:wu1F4QA4nDWgRAkPSA+kidpXRfeXYTJD

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	964	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	964	AUDIODG.EXE
Token: 33	964	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	964	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\9003242bfd5b42070db0df711c24b77ed44d5d0c82790c5f87242d665b36c511.exe
"C:\Users\Admin\AppData\Local\Temp\9003242bfd5b42070db0df711c24b77ed44d5d0c82790c5f87242d665b36c511.exe"
1⤵
PID:904

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x574
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:964

memory/904-54-0x0000000075021000-0x0000000075023000-memory.dmp

Filesize
8KB

Download
memory/904-56-0x00000000003B0000-0x00000000003DE000-memory.dmp

Filesize
184KB

Download
memory/904-55-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download
memory/904-57-0x0000000000400000-0x0000000000473000-memory.dmp

Filesize
460KB

Download