Analysis
-
max time kernel
28s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system -
submitted
30-03-2023 01:26
Behavioral task
behavioral1
Sample
f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe
Resource
win10v2004-20230220-en
General
-
Target
f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe
-
Size
14.6MB
-
MD5
5923bf9b6f3953178c81ce76b1aed809
-
SHA1
3185f0bd9adf5b4e2d6993bb0a06f1f86ee12f2e
-
SHA256
f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b
-
SHA512
090b1958951568746733e6465a453352212fb9d973559bfada0be744738a12538aa98d2721013678cb28aa60943b7e6220ff21161998a28cad5d2327ca4dd330
-
SSDEEP
393216:mmZhRuI5NoDil/XS8SOzzX/Zi3+Af1oRS5R:mmZhRTl9Dyf12ST
Malware Config
Signatures
-
Checks processor information in registry 2 TTPs 2 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exedescription ioc process Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe -
Suspicious use of AdjustPrivilegeToken 4 IoCs
Processes:
AUDIODG.EXEdescription pid process Token: 33 1608 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1608 AUDIODG.EXE Token: 33 1608 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 1608 AUDIODG.EXE -
Suspicious use of SetWindowsHookEx 1 IoCs
Processes:
f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exepid process 2008 f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe"C:\Users\Admin\AppData\Local\Temp\f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe"1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5581⤵
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2008-141-0x0000000001450000-0x000000000145A000-memory.dmpFilesize
40KB
-
memory/2008-140-0x0000000001450000-0x000000000145A000-memory.dmpFilesize
40KB
-
memory/2008-139-0x0000000001450000-0x000000000145A000-memory.dmpFilesize
40KB
-
memory/2008-138-0x00000000011C0000-0x00000000011C1000-memory.dmpFilesize
4KB
-
memory/2008-151-0x0000000001450000-0x000000000145A000-memory.dmpFilesize
40KB
-
memory/2008-152-0x0000000001450000-0x000000000145A000-memory.dmpFilesize
40KB
-
memory/2008-153-0x0000000001450000-0x000000000145A000-memory.dmpFilesize
40KB