9a84a9001644e7200e984dfc45884e3e9e87bcbd5b3b212e410dcdaaf71336c9

Analysis

max time kernel
127s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
27-08-2023 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mp3studios_6.exe
Size

1.4MB
MD5

4991dbb29f6f702174e974e8c2224c1d
SHA1

15b4874d3b8ee4c54aa44d77b92f4032be33a936
SHA256

9a84a9001644e7200e984dfc45884e3e9e87bcbd5b3b212e410dcdaaf71336c9
SHA512

ea051008f69c990e54f75a07de0aef30fb4cc56ec403c44be2f0420fabea9b95511c45de511679bec7f9f2622c62546cbe8ab53e2292f0393f00f81af3364f99
SSDEEP

24576:IJSLpwfVWRh0SGQ48Lm2194mKa4qrNdW9NTPjVt5qBlzu:Iup62ESMTjTPjVTq/zu

Score

3^/10

Malware Config

Signatures

Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

704 2920 WerFault.exe mp3studios_6.exe

pid	pid_target	process	target process
704	2920	WerFault.exe	mp3studios_6.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

Processes:

mp3studios_6.exe

description	pid	process
Token: SeCreateTokenPrivilege	2920	mp3studios_6.exe
Token: SeAssignPrimaryTokenPrivilege	2920	mp3studios_6.exe
Token: SeLockMemoryPrivilege	2920	mp3studios_6.exe
Token: SeIncreaseQuotaPrivilege	2920	mp3studios_6.exe
Token: SeMachineAccountPrivilege	2920	mp3studios_6.exe
Token: SeTcbPrivilege	2920	mp3studios_6.exe
Token: SeSecurityPrivilege	2920	mp3studios_6.exe
Token: SeTakeOwnershipPrivilege	2920	mp3studios_6.exe
Token: SeLoadDriverPrivilege	2920	mp3studios_6.exe
Token: SeSystemProfilePrivilege	2920	mp3studios_6.exe
Token: SeSystemtimePrivilege	2920	mp3studios_6.exe
Token: SeProfSingleProcessPrivilege	2920	mp3studios_6.exe
Token: SeIncBasePriorityPrivilege	2920	mp3studios_6.exe
Token: SeCreatePagefilePrivilege	2920	mp3studios_6.exe
Token: SeCreatePermanentPrivilege	2920	mp3studios_6.exe
Token: SeBackupPrivilege	2920	mp3studios_6.exe
Token: SeRestorePrivilege	2920	mp3studios_6.exe
Token: SeShutdownPrivilege	2920	mp3studios_6.exe
Token: SeDebugPrivilege	2920	mp3studios_6.exe
Token: SeAuditPrivilege	2920	mp3studios_6.exe
Token: SeSystemEnvironmentPrivilege	2920	mp3studios_6.exe
Token: SeChangeNotifyPrivilege	2920	mp3studios_6.exe
Token: SeRemoteShutdownPrivilege	2920	mp3studios_6.exe
Token: SeUndockPrivilege	2920	mp3studios_6.exe
Token: SeSyncAgentPrivilege	2920	mp3studios_6.exe
Token: SeEnableDelegationPrivilege	2920	mp3studios_6.exe
Token: SeManageVolumePrivilege	2920	mp3studios_6.exe
Token: SeImpersonatePrivilege	2920	mp3studios_6.exe
Token: SeCreateGlobalPrivilege	2920	mp3studios_6.exe
Token: 31	2920	mp3studios_6.exe
Token: 32	2920	mp3studios_6.exe
Token: 33	2920	mp3studios_6.exe
Token: 34	2920	mp3studios_6.exe
Token: 35	2920	mp3studios_6.exe

C:\Users\Admin\AppData\Local\Temp\mp3studios_6.exe
"C:\Users\Admin\AppData\Local\Temp\mp3studios_6.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 1828
2⤵
- Program crash
PID:704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 2920 -ip 2920
1⤵
PID:5100

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads