af69e452c1d0cf89cc8f3feeef131b447609d096ed41821ae1e74e4dd992e577

Analysis

max time kernel
45s
max time network
51s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 11:11

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

af69e452c1d0cf89cc8f3feeef131b447609d096ed41821ae1e74e4dd992e577.exe
Size

56KB
MD5

0d700bfb0a6b031a4dec55c1fab2627c
SHA1

0457bf7c8d479683a2e1d9cf8d46b1a26b260a53
SHA256

af69e452c1d0cf89cc8f3feeef131b447609d096ed41821ae1e74e4dd992e577
SHA512

2821f4e9ab88ded665b88c5f362b0165dabeb366bbb3af40f822524b979168b4292bb0c646e4ef3389ed28978d45604d297f7f676713e7994432e7d6ee70c55b
SSDEEP

768:5mvuo9LGsEixu1MmvaS/dyjfXC1diTdDxeAxaj4HV1qSf/xu:5m2oVG5la7TISf

Score

1^/10

Malware Config

Signatures

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4063495947-34355257-727531523-1000\Software\Microsoft\Internet Explorer\Main	af69e452c1d0cf89cc8f3feeef131b447609d096ed41821ae1e74e4dd992e577.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	452	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	452	AUDIODG.EXE
Token: 33	452	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	452	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1600	af69e452c1d0cf89cc8f3feeef131b447609d096ed41821ae1e74e4dd992e577.exe
1600	af69e452c1d0cf89cc8f3feeef131b447609d096ed41821ae1e74e4dd992e577.exe
1600	af69e452c1d0cf89cc8f3feeef131b447609d096ed41821ae1e74e4dd992e577.exe

C:\Users\Admin\AppData\Local\Temp\af69e452c1d0cf89cc8f3feeef131b447609d096ed41821ae1e74e4dd992e577.exe
"C:\Users\Admin\AppData\Local\Temp\af69e452c1d0cf89cc8f3feeef131b447609d096ed41821ae1e74e4dd992e577.exe"
1⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x478
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:452

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1600-56-0x00000000752B1000-0x00000000752B3000-memory.dmp

Filesize
8KB

Download
memory/1600-57-0x0000000003D90000-0x0000000004DF2000-memory.dmp

Filesize
16.4MB

Download