e9c4e6447c14bcbe74ee6a872ce7af909392412e1c8d2226cf493cac2ced2cc0 | Triage

Analysis

max time kernel
30s
max time network
45s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
03-01-2023 15:54

Sharing

Report Analysis Logs

General

Target

flstudio_win_20.7.2.1863.exe
Size

921.9MB
MD5

1a23f4c602a6ca56bf45dce932614f50
SHA1

c0888c0f0149d71f2bb08e5b056a93fe8e413c04
SHA256

e9c4e6447c14bcbe74ee6a872ce7af909392412e1c8d2226cf493cac2ced2cc0
SHA512

61bbd9feabbc5b078c4a2848d13c232ae28621d6e9a3b6ef0b50d3143886ad98d23b994cf6922e99103366ced63435fe54a763585d8f894adfe238a89b8bf505
SSDEEP

3145728:yo7U4xq6G01lhZV2KCN/k8TOYkDtr72v4kgImAfA:y+86G0lK/kceD0vmAI

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1720	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1720	AUDIODG.EXE
Token: 33	1720	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1720	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\flstudio_win_20.7.2.1863.exe
"C:\Users\Admin\AppData\Local\Temp\flstudio_win_20.7.2.1863.exe"
1⤵
PID:864

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:520

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1720

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/520-55-0x000007FEFC0D1000-0x000007FEFC0D3000-memory.dmp

Filesize
8KB

Download
memory/864-54-0x0000000076261000-0x0000000076263000-memory.dmp

Filesize
8KB

Download