15efd66ad17d5039ec2623d050b54ce0074a48370c61443c9ccbda08d5828bc1

Analysis

max time kernel
222s
max time network
347s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
12-02-2023 18:18

Target

15efd66ad17d5039ec2623d050b54ce0074a48370c61443c9ccbda08d5828bc1.exe
Size

4.3MB
MD5

61dcaa9cd8a4f15b26e82cb9e2029b49
SHA1

bb8d085ec2a7a5e97c9e7ba1308ac1a201ca421d
SHA256

15efd66ad17d5039ec2623d050b54ce0074a48370c61443c9ccbda08d5828bc1
SHA512

97d394dd50ec1b07f5882afc9f2a86a0022526f8e582a0e7ab87f61c2b0bf00c455680c1d3db3d5b73daa0afd5fcaa01b9dc6f7c5d776f9f45ee23a85ceed753
SSDEEP

98304:np2LpSCErmLMcKhppsDo8cNtgOl1BgpRTwxh:p29SlqMTpUotPRWpRTwxh

Score

1^/10

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
516	15efd66ad17d5039ec2623d050b54ce0074a48370c61443c9ccbda08d5828bc1.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1116	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1116	AUDIODG.EXE
Token: 33	1116	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1116	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\15efd66ad17d5039ec2623d050b54ce0074a48370c61443c9ccbda08d5828bc1.exe
"C:\Users\Admin\AppData\Local\Temp\15efd66ad17d5039ec2623d050b54ce0074a48370c61443c9ccbda08d5828bc1.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:516

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x528
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1116