Resubmissions
06-02-2023 08:40
230206-kk236acg99 10 06-02-2023 08:37
230206-kjc3mscg93 10 06-02-2023 07:50
230206-jpbw4acf42 10
Analysis
- max time kernel: 114s
- max time network: 104s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 06-02-2023 08:37
Static task
- static1
Behavioral task
- behavioral1: Sample 008ad6f06b42fa51f990a67d08a39cae.zip, Resource win7-20221111-en
- behavioral2: Sample 008ad6f06b42fa51f990a67d08a39cae.zip, Resource win10v2004-20220812-en
- behavioral3: Sample dad9e695e9f592e48326dd349556f81987c115ad152bf3433f12d969135d943a.exe, Resource win7-20220812-en
- behavioral4: Sample dad9e695e9f592e48326dd349556f81987c115ad152bf3433f12d969135d943a.exe, Resource win10v2004-20221111-en
General
- Target: 008ad6f06b42fa51f990a67d08a39cae.zip
- Size: 3.3MB
- MD5: 1cefb61bc04d04ac2db1d0dc447cea1a
- SHA1: 0041a52155376c216ebe9544a3ad3197388b0355
- SHA256: c3704d9a70d0ad5a30590190e69f4748de1e232042bfbd6d43a3ea6f573dc18c
- SHA512: e9ab6191648c908f3636c41d805aca0b1a9947adcb8a19fac42b3d6e1351b240021d307366a5b005f8cd15164774fe3c5fd390ae26edee7e00ce431669719f89
- SSDEEP: 49152:qWP7+TTAbkk60inpejudKswewO8DphzsDL4kDPDLAkJ7jWqNle:qWwvxndKzewO8Dphzyck7TJ7jWz
Malware Config
Signatures
- Suspicious behavior: EnumeratesProcesses (3 IoCs)
  pid  Process
  672  taskmgr.exe (3 occurrences)
- Suspicious use of AdjustPrivilegeToken (5 IoCs)
  description                        pid   Process
  Token: SeDebugPrivilege            672   taskmgr.exe
  Token: 33                          1048  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  1048  AUDIODG.EXE
  Token: 33                          1048  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  1048  AUDIODG.EXE
- Suspicious use of FindShellTrayWindow (29 IoCs)
  pid  Process
  672  taskmgr.exe (29 occurrences)
- Suspicious use of SendNotifyMessage (29 IoCs)
  pid  Process
  672  taskmgr.exe (29 occurrences)
Processes
- C:\Windows\Explorer.exe
  Command line: C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\008ad6f06b42fa51f990a67d08a39cae.zip
  PID: 1540
- C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /4
  Signatures:
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID: 672
- C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
  PID: 468
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x1bc
  Signatures:
  - Suspicious use of AdjustPrivilegeToken
  PID: 1048