Overview

Static
Score  Sample                Platform
1      00000002.swf          windows7-x64
3      00000003.swf          windows7-x64
3      00000004.swf          windows7-x64
3      as/flashAPI.js        windows7-x64
1      as/shellAction.js     windows7-x64
1      as/xmlParse.js        windows7-x64
1      shell.swf             windows7-x64
3      start.exe             windows7-x64
1      start.html            windows7-x64
1      start.swf             windows7-x64
3      start/start[1].swf    windows7-x64
3      start/start[2].swf    windows7-x64
3      start/start[3].swf    windows7-x64
3      start/start[4].swf    windows7-x64
3      swf/m1t1p00.swf       windows7-x64
3      swf/m2t1p00.swf       windows7-x64
3      swf/m3t1p00.swf       windows7-x64
3      swf/m3t1p01.swf       windows7-x64
3      swf/m3t1p02.swf       windows7-x64
3      swf/m3t1p03.swf       windows7-x64
3      swf/m3t1p04.swf       windows7-x64
3      swf/m3t1p05.swf       windows7-x64
3      swf/m3t1p06.swf       windows7-x64
3      swf/m4t1p00.swf       windows7-x64
3      swf/m4t1p01.swf       windows7-x64
3      swf/m4t1p02.swf       windows7-x64
3      swf/m5t1p00.swf       windows7-x64
3      swf/m5t1p01.swf       windows7-x64
3      swf/m5t1p02.swf       windows7-x64
3      swf/m6t1p00.swf       windows7-x64
3      swf/m6t1p01.swf       windows7-x64
3      swf/m6t1p02.swf       windows7-x64
Analysis

- max time kernel: 427s
- max time network: 415s
- platform: windows7_x64
- resource: win7-20230220-en
- resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
- submitted: 24/05/2023, 04:06
Static task: static1

Behavioral tasks:

Task          Sample                Resource
behavioral1   00000002.swf          win7-20230220-en
behavioral2   00000003.swf          win7-20230220-en
behavioral3   00000004.swf          win7-20230220-en
behavioral4   as/flashAPI.js        win7-20230220-en
behavioral5   as/shellAction.js     win7-20230220-en
behavioral6   as/xmlParse.js        win7-20230220-en
behavioral7   shell.swf             win7-20230220-en
behavioral8   start.exe             win7-20230220-en
behavioral9   start.html            win7-20230220-en
behavioral10  start.swf             win7-20230220-en
behavioral11  start/start[1].swf    win7-20230220-en
behavioral12  start/start[2].swf    win7-20230220-en
behavioral13  start/start[3].swf    win7-20230220-en
behavioral14  start/start[4].swf    win7-20230220-en
behavioral15  swf/m1t1p00.swf       win7-20230220-en
behavioral16  swf/m2t1p00.swf       win7-20230220-en
behavioral17  swf/m3t1p00.swf       win7-20230220-en
behavioral18  swf/m3t1p01.swf       win7-20230220-en
behavioral19  swf/m3t1p02.swf       win7-20230220-en
behavioral20  swf/m3t1p03.swf       win7-20230220-en
behavioral21  swf/m3t1p04.swf       win7-20230220-en
behavioral22  swf/m3t1p05.swf       win7-20230220-en
behavioral23  swf/m3t1p06.swf       win7-20230220-en
behavioral24  swf/m4t1p00.swf       win7-20230220-en
behavioral25  swf/m4t1p01.swf       win7-20230220-en
behavioral26  swf/m4t1p02.swf       win7-20230220-en
behavioral27  swf/m5t1p00.swf       win7-20230220-en
behavioral28  swf/m5t1p01.swf       win7-20230220-en
behavioral29  swf/m5t1p02.swf       win7-20230220-en
behavioral30  swf/m6t1p00.swf       win7-20230220-en
behavioral31  swf/m6t1p01.swf       win7-20230220-en
behavioral32  swf/m6t1p02.swf       win7-20230220-en
General

- Target: as/shellAction.js
- Size: 30KB
- MD5: e78fa4aec5fe0fc7383c2f1115c798db
- SHA1: 3143e2e83f08c0a20f8be10c16b60b1ad51cb7a2
- SHA256: 5756e07613b71abb9ebd17de096de52b04befd5bd58dd525614d449d55275792
- SHA512: 8357caf0e45af78e8b60b16703afd33d7a54300abb3ef950cb9b589f3412fdb2922134a4e2611e85e30ea2a8de4f42006cae2dc22245a1125f677dcbd34b6e11
- SSDEEP: 384:qbCs7PwVBH39BpN2d6GyMR+9XOBMTfXZ4YprBoDmnj4JceSUNfLqRWnk6g1+i+3t:iPwPj4YprBoDhrHt
Malware Config
Signatures

- Suspicious use of AdjustPrivilegeToken (4 IoCs)

  description                          pid   Process
  Token: 33                            1328  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege    1328  AUDIODG.EXE
  Token: 33                            1328  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege    1328  AUDIODG.EXE
Processes

- C:\Windows\system32\wscript.exe
  Command line: wscript.exe C:\Users\Admin\AppData\Local\Temp\as\shellAction.js
  PID: 2004
- C:\Windows\explorer.exe
  Command line: "C:\Windows\explorer.exe"
  PID: 1712
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x510
  Signatures: Suspicious use of AdjustPrivilegeToken
  PID: 1328