cc0beac62ced0e1c4c887480c8fbcf914a73ed49cd0a29be60ba98d591f88e8d | Triage

Analysis

max time kernel
184s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 08:07

Sharing

Report Analysis Logs

General

Target

Funkin.exe
Size

13.6MB
MD5

789315610829029a10f7a7f32c3886b2
SHA1

9cdc50e5eb12273ec2c2a87388cc0c10ce5b0e07
SHA256

3c0d807a6dbb1eb06317edf4f1e16d8701b8cb51b6375b2d17d65b5eeb43144e
SHA512

01bf64fb86edc59e8d0f3f55213f4bc16b9a589b049701f093d6846ebd1a44008be1c299d562e1fe5cb91865b006007b1a0ce2d2375c1124dcbf1e87637776e1
SSDEEP

98304:fd6yaHBL8zzuWd+c+Tpr/KlD+zPJ+KhZoOTnzirfw:fd6yaHBLgzuWd+TF/KF+zhBVR

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	100	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	100	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2760	Funkin.exe

C:\Users\Admin\AppData\Local\Temp\Funkin.exe
"C:\Users\Admin\AppData\Local\Temp\Funkin.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494 0x390
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:100

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads