b33ec705743a2a701238ecfaafbf96e1846216e1b77181dbca48223850b41831

Analysis

max time kernel
195s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
07/12/2022, 00:38

Target

b33ec705743a2a701238ecfaafbf96e1846216e1b77181dbca48223850b41831.dll
Size

300KB
MD5

9b2f37e62405a024d0b78e79a506620c
SHA1

19dad17e831049b870b84be349fe1ff1ab498d9d
SHA256

b33ec705743a2a701238ecfaafbf96e1846216e1b77181dbca48223850b41831
SHA512

fb0b43b7cf9ce8ecbe6c4fab120428e5f6cb31598d5ccb8b7d3b7af6bbf33e643918d3634c109858a6d700ddad9bf0702583924f167a044d03a996ec536494fd
SSDEEP

6144:gKI9o5aOrnYEGBLFdb3s0do61yaBf1/uiARYmgMvspd:DIEa+nYEuRRs0do61yaB5uWmgMv4

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3192	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3192	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4320 wrote to memory of 4436	4320	rundll32.exe	82
PID 4320 wrote to memory of 4436	4320	rundll32.exe	82
PID 4320 wrote to memory of 4436	4320	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b33ec705743a2a701238ecfaafbf96e1846216e1b77181dbca48223850b41831.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4320
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b33ec705743a2a701238ecfaafbf96e1846216e1b77181dbca48223850b41831.dll,#1
  2⤵
  PID:4436

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x410 0x2fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3192