3539c61962135c39176ba278fffe871d39d7f2055000650f8b13bdcad2d0d502 | Triage

Analysis

max time kernel
201s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-12-2022 04:30

Sharing

Report Analysis Logs

General

Target

blackcat.zip
Size

1.6MB
MD5

f8fa36ebd1c3e16af23c1e5e5b08b81d
SHA1

420febdc5f3f0cda8097ab229f137a9806d19dea
SHA256

3539c61962135c39176ba278fffe871d39d7f2055000650f8b13bdcad2d0d502
SHA512

9aeeaa8dc99c3d56e68f80fed3609c4fe777acf30f67b2e9d39e8f2e74be77682501c75ff17fe20ab24b2b462db103cae1b16cad5e927dc5145fcef0b7d1a7c1
SSDEEP

49152:ji3xXV9n+CCQUcyqDUSuc002G3RvISSfl211I:jyxDCXcyjSuc002mg/flgI

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1232	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1232	AUDIODG.EXE
Token: 33	1232	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1232	AUDIODG.EXE

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\blackcat.zip
1⤵
PID:1052

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1232

C:\Users\Admin\Desktop\blackcat.exe
"C:\Users\Admin\Desktop\blackcat.exe"
1⤵
PID:1576

C:\Users\Admin\Desktop\blackcat.exe
"C:\Users\Admin\Desktop\blackcat.exe"
1⤵
PID:988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1576-54-0x0000000075601000-0x0000000075603000-memory.dmp

Filesize
8KB

Download