6d9ada349683ee0eba45222aa55394649b9ecdfed39d3e7de604b050ba719858

Analysis

max time kernel
130s
max time network
36s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
19/12/2022, 22:14

Target

6d9ada349683ee0eba45222aa55394649b9ecdfed39d3e7de604b050ba719858.exe
Size

549KB
MD5

187f63654f0bdcb2b9e7d124d77711de
SHA1

7ebc590d310ff604f2535876cb7690c554f1841c
SHA256

6d9ada349683ee0eba45222aa55394649b9ecdfed39d3e7de604b050ba719858
SHA512

5553c352ce1228e42c515ce7e89546b3a55f0042e955cb43df340db652813bf855c4a30a41c2b5aa887e13b3c2e3373cb3ca6819a572eea9e1cad06fa271fc92
SSDEEP

12288:WaJFfT7nncafLLZjQzCa778ynctMtcjd4PC:WcfHtjtyCqncyi54

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1680	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1680	AUDIODG.EXE
Token: 33	1680	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1680	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\6d9ada349683ee0eba45222aa55394649b9ecdfed39d3e7de604b050ba719858.exe
"C:\Users\Admin\AppData\Local\Temp\6d9ada349683ee0eba45222aa55394649b9ecdfed39d3e7de604b050ba719858.exe"
1⤵
PID:1564

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x55c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1680

memory/1564-54-0x0000000076581000-0x0000000076583000-memory.dmp

Filesize
8KB

Download
memory/1564-55-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download
memory/1564-56-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/1564-57-0x0000000000230000-0x0000000000233000-memory.dmp

Filesize
12KB

Download
memory/1564-58-0x0000000000400000-0x00000000004DD000-memory.dmp

Filesize
884KB

Download