Analysis
-
max time kernel
31s -
max time network
33s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
26-03-2023 03:32
Static task
static1
Behavioral task
behavioral1
Sample
invoice.zip
Resource
win7-20230220-en
windows7-x64
1 signatures
300 seconds
General
-
Target
invoice.zip
-
Size
1KB
-
MD5
6eb92b8dae5730ff7d6da2cab832c3c3
-
SHA1
fe81cf3ad9040f75e4c0bce8ce1cb4ddea82ee54
-
SHA256
dc3885a6d719df87955bdb33a9e41bed998bac9d800d7ae2362ded6923b30f60
-
SHA512
98f3b2281346ae865c3bba9f3ec451033b492136922e3625421776a7382f75bc2d9a0cfa0ce70b7147103be7a2bb9655d44d6b459d89ad265b3233f393d5dab2
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
AUDIODG.EXEdescription pid process Token: 33 1476 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1476 AUDIODG.EXE Token: 33 1476 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1476 AUDIODG.EXE
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\invoice.zip1⤵PID:948
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:332
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0xd01⤵
- Suspicious use of AdjustPrivilegeToken
PID:1476