df0d9505f6798a66bee1334d848e8b2f7d5542bdedbeb1004278e21a85b013ef

Analysis

max time kernel
30s
max time network
35s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
10/05/2023, 03:15

Target

ڂ̃ANV/ڂ̃ANV.exe
Size

1.6MB
MD5

12d20e7f22c8735e4ea9ed13c27fb657
SHA1

89a4fc8e4a80af74cbdeceaacb2d69122caa037d
SHA256

044f971c251965e950e147b2c508ca54bb74ad4da0f6402bd9471054448d2f7e
SHA512

ed50a6cb8491197f75e59df8da397174d6f0da91fc15283a1e177c61930d00eee05108ab7a437ee82b3d267df11322cc421b630a5082ad2e3927b536cf6374a8
SSDEEP

24576:t0LvWQb1FWy33djbjR9FC0brpYGQwflh6h9a9rw2RNkWgWeiT0W:WLvWQXWm39jRC/9atW+1T0W

Score

3^/10

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1624	1780	WerFault.exe	27

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1468	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1468	AUDIODG.EXE
Token: 33	1468	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1468	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1780	ڂ̃ANV.exe
1780	ڂ̃ANV.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 1624	1780	ڂ̃ANV.exe	29
PID 1780 wrote to memory of 1624	1780	ڂ̃ANV.exe	29
PID 1780 wrote to memory of 1624	1780	ڂ̃ANV.exe	29
PID 1780 wrote to memory of 1624	1780	ڂ̃ANV.exe	29

C:\Users\Admin\AppData\Local\Temp\ڂ̃ANV\ڂ̃ANV.exe
"C:\Users\Admin\AppData\Local\Temp\ڂ̃ANV\ڂ̃ANV.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 17176
  2⤵
  - Program crash
  PID:1624

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x580
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1468

C:\Users\Admin\AppData\Local\Temp\ڂ̃ANV\Log.txt

Filesize
1KB

MD5
a0bdca6eab7f295b28c0eb5f680c925f

SHA1
de8910c4df0e5055ba43f7f62117e107a13e86b7

SHA256
50db4579fae09a70c3e68eee1671ac9bdb042f491b6cb1f39f16b79f13ee97d4

SHA512
4c392c4002486318e942f0fed189781d39fcb89d5f8f5c46d7c7dcdb4cb277f7105bde727317251eb0e6a737ee6d0168e3cd7c352d331c1400880eeef2f268f8

Download Submit