9217d0fa084c87c860e872df3b9732ef45e95a3e9ce88ac9270c2014399f9ec5

Analysis

max time kernel
7s
max time network
16s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12-04-2023 03:24

Target

Mensajes en cuarentena.zip
Size

862KB
MD5

0023dfaca38063657fbb0a390b4c4741
SHA1

a4e4a1974a3566788f3a0586131a53d4c8b3d669
SHA256

9217d0fa084c87c860e872df3b9732ef45e95a3e9ce88ac9270c2014399f9ec5
SHA512

9ceb4fb537f55ac4df3c40c5a95a85576c91fe1b7b4fbd583de56bdae3b6d535148ef25137dec9697d04de298d75ebe4b290295ebb5e8bc15e0529ceb9c232f3
SSDEEP

12288:OFAoXog+Zsw3EwLiidNS7FGcZA8mHfLIC8oXhL4FoAmwkVc7s54xmRZ5SD2kvVFY:OAoYg+HVDeYOFpapLkHVHjwwQ1BmFF/0

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	560	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	560	AUDIODG.EXE
Token: 33	560	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	560	AUDIODG.EXE

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Mensajes en cuarentena.zip"
1⤵
PID:1768

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:560