3e9384500106a519efec4cdee1510c24ad9a3b03f666f234c5b32f3e769d126d | Triage

Analysis

max time kernel
34s
max time network
36s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
16/03/2023, 21:57

Sharing

Reason

Machine shutdown

Report Analysis Logs

General

Target

HuniePop 2 - Double Date.exe
Size

635KB
MD5

1fff77c4e72d45c4039c473715997c51
SHA1

848103ebb34e8b44f6f0b95b49223b98f7165efe
SHA256

3e9384500106a519efec4cdee1510c24ad9a3b03f666f234c5b32f3e769d126d
SHA512

77f10a1dedf2d16e3d2fd17a02d5c6f531dec85a71e2c456474080049f1334e936c8c1365e6eadd9cf87c0c131773d94e0bf3dc8818461fab2650a1967018cf4
SSDEEP

12288:r7qTUX07ZTjjQW9NdzoVlmIvm9ya/HOou7jNZHPIkDyzGSkY:nqEmri0Hwql9

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1680	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1680	AUDIODG.EXE
Token: 33	1680	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1680	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\HuniePop 2 - Double Date.exe
"C:\Users\Admin\AppData\Local\Temp\HuniePop 2 - Double Date.exe"
1⤵
PID:1976

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1964

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1680

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:816

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/816-54-0x00000000029D0000-0x00000000029D1000-memory.dmp

Filesize
4KB

Download
memory/1428-55-0x0000000002760000-0x0000000002761000-memory.dmp

Filesize
4KB

Download