8b47e773a782361209f8adacc8d6aeefb595e1c13ae6813df7de01c20a15c91e | Triage

Analysis

max time kernel
109s
max time network
144s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
31-03-2023 15:11

Sharing

Report Analysis Logs

General

Target

memz-trojan.zip
Size

47KB
MD5

c31e52bf196d6936910fa3dff6b6031e
SHA1

405a89972d416d292b247fd70bbc080c3003b5e6
SHA256

8b47e773a782361209f8adacc8d6aeefb595e1c13ae6813df7de01c20a15c91e
SHA512

a5335c7d3beafdefa6cb1a459736615ca0151fa2e64dafb78de65aa4b924068ad0dc55c70a5317be19edeb899f94ea02e2e54279933b87828ebe86ef95f13291
SSDEEP

768:gaonsrOd+r8/I3lXePW3AOYzGYwX6+AJV0mu52MC:gaOsy+rcIVXwPzmXnA852D

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1172	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1172	AUDIODG.EXE
Token: 33	1172	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1172	AUDIODG.EXE

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\memz-trojan.zip
1⤵
PID:924

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1160

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1172

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1160-54-0x00000000027C0000-0x00000000027C1000-memory.dmp

Filesize
4KB

Download
memory/1540-55-0x00000000027E0000-0x00000000027E1000-memory.dmp

Filesize
4KB

Download