bc885f23da1fd109e28c6645bda9606c04a39e1aa5a5ce2b15fb16b9732ebc3f

Analysis

max time kernel
40s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
04-12-2022 12:01

Target

bc885f23da1fd109e28c6645bda9606c04a39e1aa5a5ce2b15fb16b9732ebc3f.exe
Size

123KB
MD5

19691b0ebc0aa4a461d42f614cf7c09d
SHA1

00f91b2bb9e4c6aaa14c353e391391a357a70316
SHA256

bc885f23da1fd109e28c6645bda9606c04a39e1aa5a5ce2b15fb16b9732ebc3f
SHA512

a202cf77ce0ef5195eaf201026588b43f2fa7b73f5dea08283491d186ad52b781a8f44913f1cbf94ee3039f65050a8193e2581bdae99d3e78d356434bc222824
SSDEEP

3072:HqZDoruO3kRx0l2or/k1L1IkNS8OzB1bw3+dQy:Hq+Kcwxl6k1L1FXO3b

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	304	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	304	AUDIODG.EXE
Token: 33	304	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	304	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\bc885f23da1fd109e28c6645bda9606c04a39e1aa5a5ce2b15fb16b9732ebc3f.exe
"C:\Users\Admin\AppData\Local\Temp\bc885f23da1fd109e28c6645bda9606c04a39e1aa5a5ce2b15fb16b9732ebc3f.exe"
1⤵
PID:1480

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1c4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:304

memory/1480-54-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download
memory/1480-55-0x0000000000400000-0x0000000000479000-memory.dmp

Filesize
484KB

Download