4cec086a251f22b78e26d0c5eeaf31babff881a3f7565975bf22376f30338366 | Triage

Resubmissions

22-03-2023 07:15

230322-h3gh3ahd4v 1

22-03-2023 05:29

230322-f6pyhaha3t 1

Analysis

max time kernel
57s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
22-03-2023 07:15

Sharing

Report Analysis Logs

General

Target

KMSEmulator.zip
Size

73KB
MD5

c5cbac9fc0f4d04c3cd49e64157f61b0
SHA1

07b272a539f0686374a426b3eef334bac8091056
SHA256

4cec086a251f22b78e26d0c5eeaf31babff881a3f7565975bf22376f30338366
SHA512

afa60c44bb1a7cf1396fc9a26f52d80a9e5189e92ba830855c19e9998dc8b226033ee2369503f7d8fa78a71885aec1d0cb57bd66288bbd3021f88432017b203e
SSDEEP

1536:NBn6wrL5wsX/Jd3TqAbsOBPeZ4hkva083cvrTwX05zBQllR/2hbkLKSh:+wP5wYzd4OI48l834rskFBOlt

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1816	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1816	AUDIODG.EXE
Token: 33	1816	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1816	AUDIODG.EXE

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\KMSEmulator.zip
1⤵
PID:1696

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:272

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x51c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1816

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads