86ccc74375405ef5a86bb26071ec345d3d800438d1e0caa4a6d0cb43bd8562df

Analysis

max time kernel
126s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
13-12-2022 19:38

Target

86ccc74375405ef5a86bb26071ec345d3d800438d1e0caa4a6d0cb43bd8562df.exe
Size

3.0MB
MD5

9ca7bea6e8a1af2dd7e60f78364dad90
SHA1

9e293b3957af96e385ce15e256879c6b02c51901
SHA256

86ccc74375405ef5a86bb26071ec345d3d800438d1e0caa4a6d0cb43bd8562df
SHA512

f4480f2f5c248591e7fe32a4835275c3421db5c54eef890d42a9478a3978f45696884141dd04014950fa9a6fde8bb58debc3f3bf2518ec3693668e0b039a56ff
SSDEEP

49152:skKSYoAZCTE3TUzwkATt0uFZmcg9Bsle+iE7YCANkHZ/ebWQsqmq7c+:sk5YoAZCgDG8T9pYBsVMA/yWQs

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1220	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1220	AUDIODG.EXE
Token: 33	1220	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1220	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\86ccc74375405ef5a86bb26071ec345d3d800438d1e0caa4a6d0cb43bd8562df.exe
"C:\Users\Admin\AppData\Local\Temp\86ccc74375405ef5a86bb26071ec345d3d800438d1e0caa4a6d0cb43bd8562df.exe"
1⤵
PID:1692

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1b4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1220

memory/1692-54-0x00000000763A1000-0x00000000763A3000-memory.dmp

Filesize
8KB

Download