2cdcc5504645f14405d8c6227884706437f6006983b5983a12a11694ceefac23

Analysis

max time kernel
131s
max time network
36s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
28/03/2023, 06:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2cdcc5504645f14405d8c6227884706437f6006983b5983a12a11694ceefac23.exe
Size

104KB
MD5

0fff1d3cbfa04b1c7d1400fe7339c4f3
SHA1

b490ba9915aebb23f502298352a87b545e4a61df
SHA256

2cdcc5504645f14405d8c6227884706437f6006983b5983a12a11694ceefac23
SHA512

d3147f0dd1f1ca4e4c8f16850e1f5eeff6f7d5699b6539b0b76084197ae04732bd5adb8f10a36622c64de62457168b4cee6d69c42ab4bc58a4e2f76de8c25da2
SSDEEP

1536:XeogqcdvPJVrR6EIyjUTCdbWPls/IcT9ifZGILU79LTr9FmeN5jnK+Ppt:XvexJiEIs2CQ96BT9mkFhr9FbKu

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1132	2cdcc5504645f14405d8c6227884706437f6006983b5983a12a11694ceefac23.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1712	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1712	AUDIODG.EXE
Token: 33	1712	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1712	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\2cdcc5504645f14405d8c6227884706437f6006983b5983a12a11694ceefac23.exe
"C:\Users\Admin\AppData\Local\Temp\2cdcc5504645f14405d8c6227884706437f6006983b5983a12a11694ceefac23.exe"
1⤵
- Loads dropped DLL
PID:1132

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x574
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\bassmod.dll

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
memory/1132-57-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/1132-58-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/1132-59-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1132-61-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1132-62-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1132-64-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1132-66-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1132-68-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1132-70-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1132-72-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1132-74-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1132-76-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1132-78-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1132-80-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1132-82-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1132-84-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/1132-86-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads