53df6797d4db230140138285ebc0544e1fe4055fa1f7b6131c82e6ee4a7534d7 | Triage

Analysis

max time kernel
29s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
08-05-2023 17:36

Sharing

Report Analysis Logs

General

Target

MODSKIN_13.4.zip
Size

2.3MB
MD5

7b9f485447361769cc70530dcd524d23
SHA1

3974371409adc4759101f06e04a561e4528347c2
SHA256

53df6797d4db230140138285ebc0544e1fe4055fa1f7b6131c82e6ee4a7534d7
SHA512

d27c5ce86aa8d9de1204288d129dc02f2488e0177570e9f458f4723f4b4795731aa46ef1355b6373755e0438bb9e49cc1438ee8162d08dc5b7d9e589c34d89f6
SSDEEP

49152:n6S3W6vM3RQD8V2v1IYZaAqFDCumZ4QTUhf8NfLi9Lm:6Ak3RQD8voYzs4QTwfIji9a

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1016	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1016	AUDIODG.EXE
Token: 33	1016	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1016	AUDIODG.EXE

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\MODSKIN_13.4.zip
1⤵
PID:1712

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1176

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1b0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1016

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads