d3d59c53e34a4e71ac1adf2784ca3b1b26482c5048b99beebc1cde7c98fc5cab

Analysis

max time kernel
34s
max time network
35s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
05/05/2023, 20:08

Reason

Machine shutdown

Target

d3d59c53e34a4e71ac1adf2784ca3b1b26482c5048b99beebc1cde7c98fc5cab.exe
Size

44KB
MD5

0dfc2764a1c9cf91ea458bb70036b34b
SHA1

4f0fad9fb2c7dd497bff15fe04f0748d90348363
SHA256

d3d59c53e34a4e71ac1adf2784ca3b1b26482c5048b99beebc1cde7c98fc5cab
SHA512

5c4dfda5ab11f549445cb03a3299e14fa4a8351433f0c350fcdcf7198fc799accd436f62fb48fc990644d44f155c9b24b1c0cd1c97e84e0d92ccb78609d1d3e9
SSDEEP

192:jgL2vMpfffQmMxP1oyno9ZufOXNQP7gY:EyOfffQmo1bOXCP7gY

Score

1^/10

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1128	d3d59c53e34a4e71ac1adf2784ca3b1b26482c5048b99beebc1cde7c98fc5cab.exe
Token: 33	772	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	772	AUDIODG.EXE
Token: 33	772	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	772	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\d3d59c53e34a4e71ac1adf2784ca3b1b26482c5048b99beebc1cde7c98fc5cab.exe
"C:\Users\Admin\AppData\Local\Temp\d3d59c53e34a4e71ac1adf2784ca3b1b26482c5048b99beebc1cde7c98fc5cab.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1128

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:772

memory/956-56-0x00000000028A0000-0x00000000028A1000-memory.dmp

Filesize
4KB

Download
memory/1128-54-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1740-55-0x0000000002840000-0x0000000002841000-memory.dmp

Filesize
4KB

Download