13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a

Analysis

max time kernel
167s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
13-10-2023 13:11

Target

13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe
Size

10.0MB
MD5

ee47a4de586327636f6a992fd4797a1b
SHA1

c7c16a1152897ee47262c4c7eaee2e1177f068e4
SHA256

13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a
SHA512

3fe532dc1bb566f4896dbb2716ac1cbead9d2c8b9b539d02eb2a245af8e37d91dc2f04d51e74c6b17a97f918039319fa1dfb26ee9e3f4b24cdc8a45fd8f10adb
SSDEEP

196608:1xGnJzgTmX5ad0OIOZ6sSOplVpFL1bmnmIZHoxl/6Zy:+zgTmX5aui6sZpfBmmYHoT/oy

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe

pid process

2212 13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe
Suspicious behavior: RenamesItself 1 IoCs

Processes:

13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe

pid process

1104 13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4636 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4636 AUDIODG.EXE

pid	process
2212	13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe

description	pid	process
Token: 33	4636	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4636	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe

description	pid	process	target process
PID 1104 wrote to memory of 2212	1104	13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe	13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe
PID 1104 wrote to memory of 2212	1104	13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe	13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe
PID 1104 wrote to memory of 2212	1104	13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe	13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4636

C:\Users\Admin\AppData\Local\Temp\13a131424e60b983354d694e188dad03b7be4c3b7a96a62c0d7c6692399d6a9a.exe
Filesize
10.0MB

MD5
7c9ab19ba1ecf327701fc628eee3e5d7

SHA1
538eda8d59e61cd6d492a3c557cfc10ee5f264db

SHA256
6744809b946f2fd9c89bf6f1e75420a0fcf0f0e918f9a5692494c2e7bb87870f

SHA512
5e1679e4a056808aae76f3b66872e08876e58c35182a72885877149c523186f805d6686f6c81e9e060a2e76caa93644a364fa47a2fdabaa2e1f6105ff4a77112

Download Submit
memory/1104-4-0x0000000000400000-0x0000000000E50000-memory.dmp

Filesize
10.3MB

Download
memory/2212-3-0x0000000077070000-0x0000000077160000-memory.dmp

Filesize
960KB

Download
memory/2212-5-0x0000000077070000-0x0000000077160000-memory.dmp

Filesize
960KB

Download