3276b743f66e1d4b84701959a96ccec4e543d6de39cda61c21d1a21bebf1f779

Analysis

max time kernel
40s
max time network
47s
platform
windows7_x64
resource
win7-20220901-en
resource tags

arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
submitted
31/12/2022, 05:38

Target

Setup.exe
Size

457.1MB
MD5

aa035b5cc5302df7dd4daeef996eda50
SHA1

d2eb27fd73dd479d2a64930578229b7b4096a9f5
SHA256

543d20b501a808f51aaa083158c196f07de2f0ab56e34aebbe0858bdb65abcff
SHA512

0b94ad6536229417b31968b4201877c3d38005cf0478afeaeed0575d021e36fb7cff633152395daef0df1f2f81cffc2e77b19a3605526d96dc1c30c7cf307d65
SSDEEP

12288:fIipf19UlmFI5ojbOh4EV8QdxSvx3uE8L7y/npsASJBQCHj8Gqq3DEd/E/JycH7S:V9UgzjlOUXi2sDdjiBajNAlV0AN

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1932	1328	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1580	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1580	AUDIODG.EXE
Token: 33	1580	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1580	AUDIODG.EXE

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 1932	1328	Setup.exe	29
PID 1328 wrote to memory of 1932	1328	Setup.exe	29
PID 1328 wrote to memory of 1932	1328	Setup.exe	29

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 1328 -s 644
  2⤵
  - Program crash
  PID:1932

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1580

memory/1284-54-0x000007FEFB621000-0x000007FEFB623000-memory.dmp

Filesize
8KB

Download
memory/1328-55-0x0000000000CB0000-0x0000000000E5A000-memory.dmp

Filesize
1.7MB

Download