Analysis
- max time kernel: 51s
- max time network: 79s
- platform: windows7_x64
- resource: win7-20220812-en
- resource tags: arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
- submitted: 13-02-2023 21:34

Behavioral task: behavioral1
- Sample: 88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f.exe
- Resource: win7-20220812-en (windows7-x64)
- 2 signatures
- 150 seconds
General
- Target: 88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f.exe
- Size: 160KB
- MD5: 0f9a0f87d345043fe299242869d0bd40
- SHA1: 9daec976b7832eb7d07aeb63dba737a3aec0e159
- SHA256: 88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f
- SHA512: fe767e65698df5d7c7a4e43b5740591be82020eb854acbc21ad880625e589ed5faaf1d9833bf2d2454e0711abc21f32196c4e78fb09905558dfd98757d574d8d
- SSDEEP: 3072:jOzPcXa+ND32eioGHlz8rnAE0HCXh0edLvuYMjMqqDvFf:jOTcK+NrRioGHlz8rz0i/uzQqqDvFf
Malware Config
Signatures
- Suspicious use of AdjustPrivilegeToken (4 IoCs)
  Processes:
  description                         pid   process
  Token: 33                           1524  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege   1524  AUDIODG.EXE
  Token: 33                           1524  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege   1524  AUDIODG.EXE
  All four events come from AUDIODG.EXE (the Windows audio device graph host), not from the sample; "33" is a privilege LUID the report did not resolve to a name. Treat this signature as sandbox background activity unless the process tree ties pid 1524 to the sample.
Processes
- C:\Users\Admin\AppData\Local\Temp\88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f.exe"
- C:\Windows\explorer.exe
  command line: "C:\Windows\explorer.exe"
- C:\Windows\system32\AUDIODG.EXE
  command line: C:\Windows\system32\AUDIODG.EXE 0x548
  signature: Suspicious use of AdjustPrivilegeToken
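The AdjustPrivilegeToken signature above fires on any process in the image, so an analyst has to ask two questions before acting on it: which privilege was enabled, and did the event come from the sample or from an unrelated Windows process. The following helper is an added example, not part of this report or of the sandbox vendor's tooling. It parses the one-line IoC list exactly as the report prints it, resolves numeric privilege LUIDs (the report leaves "33" unnamed) against the well-known values from winnt.h, flags privileges relevant to escalation using a classification that is the example's own, and attributes each event to the sample or to a known benign system image. The report's own IoC line is used as input; the second input line (a SeDebugPrivilege event from the sample with pid 1844) is constructed to show the "review" path and does not appear in the report.

```python
"""Triage helper for sandbox 'AdjustPrivilegeToken' IoC lines (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Well-known privilege LUIDs from winnt.h; the low part is stable across
# Windows versions. Only the entries this example needs are listed.
PRIV_BY_LUID = {
    7: "SeTcbPrivilege",
    10: "SeLoadDriverPrivilege",
    14: "SeIncreaseBasePriorityPrivilege",
    17: "SeBackupPrivilege",
    18: "SeRestorePrivilege",
    19: "SeShutdownPrivilege",
    20: "SeDebugPrivilege",
    29: "SeImpersonatePrivilege",
    33: "SeIncreaseWorkingSetPrivilege",
}

# Privileges whose enabling by the sample deserves analyst attention.
# This grouping is the example's own judgement, not the sandbox's.
HIGH_RISK = {
    "SeDebugPrivilege", "SeLoadDriverPrivilege", "SeTcbPrivilege",
    "SeBackupPrivilege", "SeRestorePrivilege", "SeImpersonatePrivilege",
    "SeTakeOwnershipPrivilege", "SeAssignPrimaryTokenPrivilege",
}

# Windows components that adjust their own token during normal operation
# inside a sandbox image; their events say nothing about the sample.
BENIGN_SYSTEM_IMAGES = {"audiodg.exe", "explorer.exe", "svchost.exe"}

# Matches "Token: <priv-or-luid> <pid> <image>" as the report prints it.
EVENT_RE = re.compile(r"Token:\s+(\S+)\s+(\d+)\s+(\S+)")

SAMPLE_IMAGE = "88ba7e0ba10304a03661c41a262e6c84ff67d37e7d56a174ca8a64ee36b0f03f.exe"

# Verbatim IoC line from the report above.
REPORT_IOCS = (
    "AUDIODG.EXEdescription pid process Token: 33 1524 AUDIODG.EXE "
    "Token: SeIncBasePriorityPrivilege 1524 AUDIODG.EXE "
    "Token: 33 1524 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1524 AUDIODG.EXE"
)

# Constructed input (not from the report): the sample enabling SeDebugPrivilege.
CONSTRUCTED_ESCALATION = f"Token: SeDebugPrivilege 1844 {SAMPLE_IMAGE}"


@dataclass(frozen=True)
class PrivEvent:
    privilege: str
    pid: int
    image: str
    high_risk: bool
    from_sample: bool


def resolve_privilege(token: str) -> str:
    """Map a numeric LUID to its name; pass symbolic names through unchanged."""
    if token.isdigit():
        return PRIV_BY_LUID.get(int(token), f"LUID {token} (unresolved)")
    return token


def parse_events(ioc_text: str, sample_image: str) -> list[PrivEvent]:
    """Turn the flattened IoC text into structured events attributed to a process."""
    events = []
    for tok, pid, image in EVENT_RE.findall(ioc_text):
        priv = resolve_privilege(tok)
        events.append(PrivEvent(
            privilege=priv,
            pid=int(pid),
            image=image,
            high_risk=priv in HIGH_RISK,
            # The report gives no parent/child links, so attribution is by
            # image name; with a full process tree, match on pid lineage instead.
            from_sample=image.lower() == sample_image.lower(),
        ))
    return events


def verdict(events: list[PrivEvent]) -> str:
    """Summarise what the privilege events mean for the sample under analysis."""
    if not events:
        return "none: no AdjustPrivilegeToken events"
    if any(e.from_sample and e.high_risk for e in events):
        return "review: sample enabled an escalation-relevant privilege"
    if any(e.from_sample for e in events):
        return "low: sample adjusted only low-impact privileges"
    if all(e.image.lower() in BENIGN_SYSTEM_IMAGES for e in events):
        return "noise: only unrelated Windows processes adjusted privileges"
    return "unknown: privilege changes by processes not tied to the sample"


if __name__ == "__main__":
    for e in parse_events(REPORT_IOCS, SAMPLE_IMAGE):
        print(e)
    print(verdict(parse_events(REPORT_IOCS, SAMPLE_IMAGE)))
    print(verdict(parse_events(CONSTRUCTED_ESCALATION, SAMPLE_IMAGE)))
```

Run against the report's own line, every event resolves to AUDIODG.EXE pid 1524 with SeIncreaseWorkingSetPrivilege or SeIncBasePriorityPrivilege, neither of which is in the high-risk set, so the verdict is sandbox noise; the constructed SeDebugPrivilege line from the sample is the case that would justify a closer look.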