d7255462d3c048991f6cb44d9b0356f7f9e2a67c51a598c9082f6da88fbc8c27

Analysis

max time kernel
98s
max time network
31s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08/07/2023, 22:14

Target

MTalk/MTalk.exe
Size

19KB
MD5

ea23f3e213d6db3fd65db567f49fd5c7
SHA1

b8cad8e69235961df761693ad605e5c388870df9
SHA256

e73e074f82956cd6441246256b4654edf6d6c04ccdaca342b6a1c56289812731
SHA512

520dfd70b2eefdbd243e42019cfb8d91f779a9bba9f69559696d71761cc710a5d1f82819cc03bd53f4d62f2b489cb9b02b1e74cff3c3d71d5030fb697cc12dda
SSDEEP

384:qqrhJtKSBNwiVQB6t3OfcV7eLEppDpRniJGS8asU/6CO3:qqs259pHRyv8adpO

Score

1^/10

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2272	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2272	AUDIODG.EXE
Token: 33	2272	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2272	AUDIODG.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2312 wrote to memory of 2368	2312	MTalk.exe	29
PID 2312 wrote to memory of 2368	2312	MTalk.exe	29
PID 2312 wrote to memory of 2368	2312	MTalk.exe	29
PID 2312 wrote to memory of 2368	2312	MTalk.exe	29

C:\Users\Admin\AppData\Local\Temp\MTalk\MTalk.exe
"C:\Users\Admin\AppData\Local\Temp\MTalk\MTalk.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2312
- C:\Users\Admin\AppData\Local\Temp\MTalk\OpenJTalk\open_jtalk.exe
  "C:\Users\Admin\AppData\Local\Temp\MTalk/OpenJTalk/open_jtalk.exe" -m C:\Users\Admin\AppData\Local\Temp\MTalk/OpenJTalk/voice/mira/mira.htsvoice -x C:\Users\Admin\AppData\Local\Temp\MTalk/OpenJTalk/dic/win -ow C:\Users\Admin\AppData\Local\Temp\MTalk/OpenJTalk/tmp/test.wav -r 1 -fm 3 -a 0.55 -jf 1
  2⤵
  PID:2368

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2272

C:\Users\Admin\AppData\Local\Temp\MTalk\OpenJTalk\tmp\test.wav

Filesize
164KB

MD5
963f3c5ff5adec6fa90e7a519ca31ac6

SHA1
c0f92126728ab2951e21120a9abc06e824e6d000

SHA256
5ba6aca69fa3828b6fadc66dd690c429a991d5190c9768782beb79d59da44e67

SHA512
1c4761806fcf260e1a293abb868325580d3d870dbb34002814d487dda39aeaad1de903268f43be669e4c32e53630ba6051375b56bfeac9dbbe0393112b5bc518

Download Submit
memory/2312-54-0x00000000012D0000-0x00000000012DC000-memory.dmp

Filesize
48KB

Download
memory/2312-55-0x0000000000430000-0x0000000000472000-memory.dmp

Filesize
264KB

Download
memory/2312-56-0x0000000001260000-0x00000000012A0000-memory.dmp

Filesize
256KB

Download
memory/2312-57-0x0000000001260000-0x00000000012A0000-memory.dmp

Filesize
256KB

Download
memory/2312-58-0x0000000001260000-0x00000000012A0000-memory.dmp

Filesize
256KB

Download
memory/2312-59-0x0000000001260000-0x00000000012A0000-memory.dmp

Filesize
256KB

Download