b33ec705743a2a701238ecfaafbf96e1846216e1b77181dbca48223850b41831

Analysis

max time kernel
100s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
07/12/2022, 00:38

Target

b33ec705743a2a701238ecfaafbf96e1846216e1b77181dbca48223850b41831.dll
Size

300KB
MD5

9b2f37e62405a024d0b78e79a506620c
SHA1

19dad17e831049b870b84be349fe1ff1ab498d9d
SHA256

b33ec705743a2a701238ecfaafbf96e1846216e1b77181dbca48223850b41831
SHA512

fb0b43b7cf9ce8ecbe6c4fab120428e5f6cb31598d5ccb8b7d3b7af6bbf33e643918d3634c109858a6d700ddad9bf0702583924f167a044d03a996ec536494fd
SSDEEP

6144:gKI9o5aOrnYEGBLFdb3s0do61yaBf1/uiARYmgMvspd:DIEa+nYEuRRs0do61yaB5uWmgMv4

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1776	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1776	AUDIODG.EXE
Token: 33	1776	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1776	AUDIODG.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28
PID 1792 wrote to memory of 1976	1792	rundll32.exe	28

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b33ec705743a2a701238ecfaafbf96e1846216e1b77181dbca48223850b41831.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b33ec705743a2a701238ecfaafbf96e1846216e1b77181dbca48223850b41831.dll,#1
  2⤵
  PID:1976

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x478
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1776

memory/1976-55-0x0000000076321000-0x0000000076323000-memory.dmp

Filesize
8KB

Download