d6021ec49b9230d80dd07cfe08a43729ea7b5944eac9cb34c2a712c36a5592d8

Analysis

max time kernel
91s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-01-2023 04:15

Target

KMSAuto Net.exe
Size

8.6MB
MD5

93a3a8ce440197d31168fac569082937
SHA1

fad3066803a1ba8f9cb8bb7d1969eea0398b5ea0
SHA256

22ef521964080e77d7006f9341d720683fa98409361c62a7bc4fe81ec474b1b2
SHA512

08efe7e24d8d9e484d39c1381421c3fbbf231e46a5ac33c22bf3735a06c4a3d278a752c25afeb4217cc663a6c6955a55985056a7d5d5142e57c2ac5d99e5d0c8
SSDEEP

196608:OkwywCAfywOwe+ZCcyw3ywsyw3ywZywcywZywBywEyw4ywwywmIBywyywsywcywy:3wCAqwU+ZowiwxwiwUwBwUw8wJwVwtwF

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3504	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3504	AUDIODG.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 4288	760	KMSAuto Net.exe	81
PID 760 wrote to memory of 4288	760	KMSAuto Net.exe	81
PID 760 wrote to memory of 4288	760	KMSAuto Net.exe	81
PID 760 wrote to memory of 3860	760	KMSAuto Net.exe	85
PID 760 wrote to memory of 3860	760	KMSAuto Net.exe	85
PID 760 wrote to memory of 1272	760	KMSAuto Net.exe	87
PID 760 wrote to memory of 1272	760	KMSAuto Net.exe	87

C:\Users\Admin\AppData\Local\Temp\KMSAuto Net.exe
"C:\Users\Admin\AppData\Local\Temp\KMSAuto Net.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:760
- C:\Windows\SysWOW64\cmd.exe
  cmd /c md "C:\Users\Admin\AppData\Local\MSfree Inc"
  2⤵
  PID:4288
- C:\Windows\system32\cmd.exe
  C:\Windows\Sysnative\cmd.exe /c echo test>>"C:\Users\Admin\AppData\Local\Temp\test.test"
  2⤵
  PID:3860
- C:\Windows\system32\cmd.exe
  C:\Windows\Sysnative\cmd.exe /D /c del /F /Q "test.test"
  2⤵
  PID:1272

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2d4 0x4bc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3504

C:\Users\Admin\AppData\Local\Temp\test.test

Filesize
6B

MD5
9f06243abcb89c70e0c331c61d871fa7

SHA1
fde773a18bb29f5ed65e6f0a7aa717fd1fa485d4

SHA256
837ccb607e312b170fac7383d7ccfd61fa5072793f19a25e75fbacb56539b86b

SHA512
b947b99d1baddd347550c9032e9ab60b6be56551cf92c076b38e4e11f436051a4af51c47e54f8641316a720b043641a3b3c1e1b01ba50445ea1ba60bfd1b7a86

Download Submit
memory/760-132-0x0000000000DF0000-0x0000000001686000-memory.dmp

Filesize
8.6MB

Download
memory/760-133-0x0000000006030000-0x00000000060CC000-memory.dmp

Filesize
624KB

Download
memory/760-134-0x0000000006680000-0x0000000006C24000-memory.dmp

Filesize
5.6MB

Download
memory/760-135-0x0000000006170000-0x0000000006202000-memory.dmp

Filesize
584KB

Download
memory/760-136-0x0000000006010000-0x000000000601A000-memory.dmp

Filesize
40KB

Download
memory/760-137-0x00000000063B0000-0x0000000006406000-memory.dmp

Filesize
344KB

Download