4103666e180ac6581dddc2003295a1e66485b01babfdfd058f5eacb162e809a7

Analysis

max time kernel
28s
max time network
149s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
30-03-2023 01:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe
Size

14.6MB
MD5

5923bf9b6f3953178c81ce76b1aed809
SHA1

3185f0bd9adf5b4e2d6993bb0a06f1f86ee12f2e
SHA256

f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b
SHA512

090b1958951568746733e6465a453352212fb9d973559bfada0be744738a12538aa98d2721013678cb28aa60943b7e6220ff21161998a28cad5d2327ca4dd330
SSDEEP

393216:mmZhRuI5NoDil/XS8SOzzX/Zi3+Af1oRS5R:mmZhRTl9Dyf12ST

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1608	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1608	AUDIODG.EXE
Token: 33	1608	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1608	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe

pid process

2008 f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe

pid	process
2008	f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe

C:\Users\Admin\AppData\Local\Temp\f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe
"C:\Users\Admin\AppData\Local\Temp\f2161b9ad302cee9cb83f60ace1220f724103ba3fa8ab087a63470b54e0e523b.exe"
1⤵
- Checks processor information in registry
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x558
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1608

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2008-141-0x0000000001450000-0x000000000145A000-memory.dmp

Filesize
40KB

Download
memory/2008-140-0x0000000001450000-0x000000000145A000-memory.dmp

Filesize
40KB

Download
memory/2008-139-0x0000000001450000-0x000000000145A000-memory.dmp

Filesize
40KB

Download
memory/2008-138-0x00000000011C0000-0x00000000011C1000-memory.dmp

Filesize
4KB

Download
memory/2008-151-0x0000000001450000-0x000000000145A000-memory.dmp

Filesize
40KB

Download
memory/2008-152-0x0000000001450000-0x000000000145A000-memory.dmp

Filesize
40KB

Download
memory/2008-153-0x0000000001450000-0x000000000145A000-memory.dmp

Filesize
40KB

Download