Analysis

max time kernel: 359s
max time network: 363s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 27/02/2023, 16:36

Static task: static1
Behavioral task: behavioral1
Sample: 2.dll
Resource: win7-20230220-en
Signatures: 2
Run time: 300 seconds
General

Target: 2.dll
Size: 600KB
MD5: bb9ee18a287e480555e8ea6af3f0097e
SHA1: 85a19f2f3faa2b5cdc1953d17ccbb3a2ae5663d7
SHA256: 880b3686ee03e3e2d4771f8d4dfe0f5d57b216860d42542e5f1275fb7bd8153b
SHA512: c0023fe59f176808362bb1ec4df22964fbd0cbbf00223ec87b85790fbd01d45018db0c6a60e91baa6adff27888633db5eaa2f15e6b6560599fd6a253ac19f6a4
SSDEEP: 12288:dt1VOakzj7hpQynG+6g1zJACP406bvcgW+oJfu+3:dt/xk37hyyzl1BP4fto9u+3
Score: 1/10
Malware Config
Signatures

Suspicious use of AdjustPrivilegeToken (4 IoCs)

    description                        pid   Process
    Token: 33                          1476  AUDIODG.EXE
    Token: SeIncBasePriorityPrivilege  1476  AUDIODG.EXE
    Token: 33                          1476  AUDIODG.EXE
    Token: SeIncBasePriorityPrivilege  1476  AUDIODG.EXE

Suspicious use of WriteProcessMemory (7 IoCs)

    description                     pid  Process       procid_target
    PID 912 wrote to memory of 1496  912  rundll32.exe  26
    PID 912 wrote to memory of 1496  912  rundll32.exe  26
    PID 912 wrote to memory of 1496  912  rundll32.exe  26
    PID 912 wrote to memory of 1496  912  rundll32.exe  26
    PID 912 wrote to memory of 1496  912  rundll32.exe  26
    PID 912 wrote to memory of 1496  912  rundll32.exe  26
    PID 912 wrote to memory of 1496  912  rundll32.exe  26
Processes

C:\Windows\system32\rundll32.exe (PID 912)
    command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2.dll,#1
    signatures: Suspicious use of WriteProcessMemory
    child: C:\Windows\SysWOW64\rundll32.exe (PID 1496)
        command line: rundll32.exe C:\Users\Admin\AppData\Local\Temp\2.dll,#1

C:\Windows\explorer.exe (PID 608)
    command line: "C:\Windows\explorer.exe"

C:\Windows\system32\AUDIODG.EXE (PID 1476)
    command line: C:\Windows\system32\AUDIODG.EXE 0x460
    signatures: Suspicious use of AdjustPrivilegeToken