b4a5baf9a5cb5e7d8a0a71b6d76219ab0c0530a7e9aaa8f4d6996edef78e23d5

Analysis

max time kernel
21s
max time network
23s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
20-02-2023 04:49

Target

patch.exe
Size

360KB
MD5

02a70d4df5444fb3b1b18f61100a06e9
SHA1

45b2f5b9b977291458d150298c2a7f96a837dbdb
SHA256

b4a5baf9a5cb5e7d8a0a71b6d76219ab0c0530a7e9aaa8f4d6996edef78e23d5
SHA512

1ab32c0bd930294c2085490a54cc36e920840bfdcbc9b6f2f3f4f0bbe16334e22d9291f345bf6367ae12bfbea7495b424a627c965b8732c4e14cc98362c4418b
SSDEEP

6144:ttqan7x3RHw43HBqAT0e112TiS/eJ4yIVDM0EcUimmY95cD44PL/5NcgNPwGy:LNtBH5BqAT0c8TiSmTIVDM0EcU1/9yDy

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 3580 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 3580 AUDIODG.EXE

description	pid	process
Token: 33	3580	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3580	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\patch.exe
"C:\Users\Admin\AppData\Local\Temp\patch.exe"
1⤵
PID:3432

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x42c 0x324
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3580

memory/3432-132-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3432-133-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3432-135-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3432-134-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3432-136-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download
memory/3432-137-0x0000000000400000-0x00000000004CC000-memory.dmp

Filesize
816KB

Download