751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c

Analysis

max time kernel
138s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 13:11

Target

751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe
Size

10.0MB
MD5

6cf0a592830fd2d432caff8906b158cb
SHA1

6ebd3edfc330420789ec924ecd12f7143d2a396f
SHA256

751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c
SHA512

cc7247ce77cc9ee98bf3b1bf8b49f47a5205e45f2c664cf90edab95abfe681d35cf2331acafb35d41b8d3be48f2c14afc1da8aad9d0155fd32eb68b58dfa5f8f
SSDEEP

196608:mKGnJzgTmX5ad0OIOZ6sSOplVpFL1bmnmIZHoxl/6ZI:8zgTmX5aui6sZpfBmmYHoT/oI

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe

pid process

4204 751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe

pid process

4556 751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4028 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4028 AUDIODG.EXE

pid	process
4204	751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe

description	pid	process
Token: 33	4028	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4028	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe

pid	process
4556	751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe
4556	751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe
4204	751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe
4204	751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe

description	pid	process	target process
PID 4556 wrote to memory of 4204	4556	751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe	751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe
PID 4556 wrote to memory of 4204	4556	751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe	751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe
PID 4556 wrote to memory of 4204	4556	751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe	751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x524
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4028

C:\Users\Admin\AppData\Local\Temp\751944235ed2d03fa833d3f1eefa96a97621dd705c6c8b6ae46a02022fdb2e1c.exe
Filesize
10.0MB

MD5
4f414510d668966a89372e981db78346

SHA1
1451e599edf119666efe1dac4e9ef1e4ceef6795

SHA256
d7dbf4514bbd22490af96fd752675974aa80c0e3602d1a50c0f0b4461bf0c2d2

SHA512
b7372bcfaf4dd7db5e7351a2a0855832b9c9bbad8e4e0cce4195fd67d506821e8de7161cb6ff6da6301b0a2d0133c0fafc55a5d5869c160d018b500ef692be5d

Download Submit
memory/4204-5-0x0000000077890000-0x0000000077980000-memory.dmp

Filesize
960KB

Download
memory/4204-8-0x0000000077890000-0x0000000077980000-memory.dmp

Filesize
960KB

Download
memory/4556-1-0x0000000000400000-0x0000000000E50000-memory.dmp

Filesize
10.3MB

Download
memory/4556-6-0x0000000000400000-0x0000000000E50000-memory.dmp

Filesize
10.3MB

Download