Analysis
max time kernel: 127s
max time network: 140s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 27-08-2023 08:52
Behavioral task: behavioral1
Sample: mp3studios_6.exe
Resource: win7-20230712-en
4 signatures
150 seconds

Behavioral task: behavioral2
Sample: mp3studios_6.exe
Resource: win10v2004-20230703-en
2 signatures
150 seconds
General
Target: mp3studios_6.exe
Size: 1.4MB
MD5: 4991dbb29f6f702174e974e8c2224c1d
SHA1: 15b4874d3b8ee4c54aa44d77b92f4032be33a936
SHA256: 9a84a9001644e7200e984dfc45884e3e9e87bcbd5b3b212e410dcdaaf71336c9
SHA512: ea051008f69c990e54f75a07de0aef30fb4cc56ec403c44be2f0420fabea9b95511c45de511679bec7f9f2622c62546cbe8ab53e2292f0393f00f81af3364f99
SSDEEP: 24576:IJSLpwfVWRh0SGQ48Lm2194mKa4qrNdW9NTPjVt5qBlzu:Iup62ESMTjTPjVTq/zu
Score: 3/10
Malware Config
Signatures

Program crash 1 IoCs
pid   pid_target   Process        procid_target
704   2920         WerFault.exe   80

Suspicious use of AdjustPrivilegeToken 34 IoCs
description                               pid    Process
Token: SeCreateTokenPrivilege             2920   mp3studios_6.exe
Token: SeAssignPrimaryTokenPrivilege      2920   mp3studios_6.exe
Token: SeLockMemoryPrivilege              2920   mp3studios_6.exe
Token: SeIncreaseQuotaPrivilege           2920   mp3studios_6.exe
Token: SeMachineAccountPrivilege          2920   mp3studios_6.exe
Token: SeTcbPrivilege                     2920   mp3studios_6.exe
Token: SeSecurityPrivilege                2920   mp3studios_6.exe
Token: SeTakeOwnershipPrivilege           2920   mp3studios_6.exe
Token: SeLoadDriverPrivilege              2920   mp3studios_6.exe
Token: SeSystemProfilePrivilege           2920   mp3studios_6.exe
Token: SeSystemtimePrivilege              2920   mp3studios_6.exe
Token: SeProfSingleProcessPrivilege       2920   mp3studios_6.exe
Token: SeIncBasePriorityPrivilege         2920   mp3studios_6.exe
Token: SeCreatePagefilePrivilege          2920   mp3studios_6.exe
Token: SeCreatePermanentPrivilege         2920   mp3studios_6.exe
Token: SeBackupPrivilege                  2920   mp3studios_6.exe
Token: SeRestorePrivilege                 2920   mp3studios_6.exe
Token: SeShutdownPrivilege                2920   mp3studios_6.exe
Token: SeDebugPrivilege                   2920   mp3studios_6.exe
Token: SeAuditPrivilege                   2920   mp3studios_6.exe
Token: SeSystemEnvironmentPrivilege       2920   mp3studios_6.exe
Token: SeChangeNotifyPrivilege            2920   mp3studios_6.exe
Token: SeRemoteShutdownPrivilege          2920   mp3studios_6.exe
Token: SeUndockPrivilege                  2920   mp3studios_6.exe
Token: SeSyncAgentPrivilege               2920   mp3studios_6.exe
Token: SeEnableDelegationPrivilege        2920   mp3studios_6.exe
Token: SeManageVolumePrivilege            2920   mp3studios_6.exe
Token: SeImpersonatePrivilege             2920   mp3studios_6.exe
Token: SeCreateGlobalPrivilege            2920   mp3studios_6.exe
Token: 31                                 2920   mp3studios_6.exe
Token: 32                                 2920   mp3studios_6.exe
Token: 33                                 2920   mp3studios_6.exe
Token: 34                                 2920   mp3studios_6.exe
Token: 35                                 2920   mp3studios_6.exe
Processes

C:\Users\Admin\AppData\Local\Temp\mp3studios_6.exe
  "C:\Users\Admin\AppData\Local\Temp\mp3studios_6.exe"
  - Suspicious use of AdjustPrivilegeToken
  PID: 2920
    C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 1828
      - Program crash
      PID: 704

C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2920 -ip 2920
  PID: 5100