3f709045ea3a55748218ca428c7e9191b12283cf50e809da8a83f8edf4eb068d | Triage

Analysis

max time kernel
76s
max time network
74s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
15-03-2023 14:17

Sharing

Report Analysis Logs

General

Target

3f709045e.exe
Size

4.2MB
MD5

3f563876c32c717e4c763fdf761e8c6a
SHA1

3c89f3e56f503d981dba529c0e78b7caadcc3c25
SHA256

3f709045ea3a55748218ca428c7e9191b12283cf50e809da8a83f8edf4eb068d
SHA512

840249e833646389b37d9f3ace4be143e983f3fba5dda4576d024d8944a204c0acfdd60c3f5434c09b05c814d1bbe1668de40e7cced6f934ff020058198a4a12
SSDEEP

98304:Iui+w32+gR/RtXJdWGw6VdIky/Cr4Q8QE2YFGO:Iui+LTpxUkfy/CMR

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	2000	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2000	AUDIODG.EXE
Token: 33	2000	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2000	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\3f709045e.exe
"C:\Users\Admin\AppData\Local\Temp\3f709045e.exe"
1⤵
PID:1204

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1708

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2000

C:\Users\Admin\AppData\Local\Temp\3f709045e.exe
"C:\Users\Admin\AppData\Local\Temp\3f709045e.exe"
1⤵
PID:1224

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads