eadaf26df948f0fd541f297e2f0bad435aa4bee5c97e4324ad767dacca77e29d | Triage

Resubmissions

09-05-2023 19:22

230509-x3fn4adg58 10

09-05-2023 19:14

230509-xxsrgaff7x 10

09-05-2023 19:14

230509-xxr5yadg42 7

09-05-2023 19:14

230509-xxrt6sff7w 8

09-05-2023 19:14

230509-xxrjeaff7v 8

09-05-2023 19:14

230509-xxqxwadg39 7

09-05-2023 19:14

230509-xxql4sff7t 10

09-05-2023 19:14

230509-xxqbcadg38 7

09-05-2023 19:10

230509-xvl6xadf64 10

Analysis

max time kernel
15s
max time network
37s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
09-05-2023 19:10

Sharing

Report Analysis Logs

General

Target

trojan-leaks-main/Potassium.exe
Size

109KB
MD5

86d3f3f29362283921a9277bdfb73648
SHA1

55ab05f3a2251d9071c8d97c9a995b6799a85cb1
SHA256

b264d303e833f180f46a5b5f04c8a4ebd41db3e5aadb2e1e0058f2c2bf7b5a5c
SHA512

27b34ba3ce6e97b9940cb1ad76373815cc7867b474c1129e5a600965337a71a7785d3316304032816f367a6b91fa67f02c4b36f1e6ec72efd81716a87b69d93e
SSDEEP

3072:+/n7O+sxVkBqEx1KRgugPWsBs63n9fSrlex:+/n7VW+cE5ugPWKSrlex

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	1760	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1760	AUDIODG.EXE
Token: 33	1760	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1760	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\Potassium.exe
"C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\Potassium.exe"
1⤵
PID:2020

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1760

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...