a971785f310f7a2c8907b8094a585b2d66df20087b9d3b9ef9c2ed02b8e04f77

Analysis

max time kernel
136s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
12/11/2023, 07:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Meteos Test version negative 10000/Meteos Test.exe
Size

651KB
MD5

65be9ef7b720d36481f9e211c72f6fd6
SHA1

4e8da2a80f5d2181b06b8efccd431903c8aa2ab0
SHA256

cd7b648a779720458df5283e5256826a0a4f9af076c7e740cbe78e025a4892a5
SHA512

2293ac8126b2fe06a2f6f618181d4cf8a089129f9abcbe229e04a37a1bf4e6bc74d84a0dfc5b96b1aec773df287f12714cd9c886c62cf113f5d4ef7a507794aa
SSDEEP

3072:bQJ/VdFgIW9mYucJ/OD8JlsI9mTIC7G2E1:w/7FG9mpcJ/OD8z/

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4600	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4600	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4240	Meteos Test.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4240 wrote to memory of 900	4240	Meteos Test.exe	89
PID 4240 wrote to memory of 900	4240	Meteos Test.exe	89

C:\Users\Admin\AppData\Local\Temp\Meteos Test version negative 10000\Meteos Test.exe
"C:\Users\Admin\AppData\Local\Temp\Meteos Test version negative 10000\Meteos Test.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Users\Admin\AppData\Local\Temp\Meteos Test version negative 10000\UnityCrashHandler64.exe
  "C:\Users\Admin\AppData\Local\Temp\Meteos Test version negative 10000\UnityCrashHandler64.exe" --attach 4240 1552427388928
  2⤵
  PID:900

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x518 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4240-0-0x0000016975710000-0x0000016975720000-memory.dmp

Filesize
64KB

Download
memory/4240-1-0x0000016975700000-0x0000016975710000-memory.dmp

Filesize
64KB

Download
memory/4240-2-0x0000016A79740000-0x0000016A79750000-memory.dmp

Filesize
64KB

Download
memory/4240-3-0x0000016A79770000-0x0000016A79790000-memory.dmp

Filesize
128KB

Download
memory/4240-4-0x0000016A7AB40000-0x0000016A7AB50000-memory.dmp

Filesize
64KB

Download
memory/4240-5-0x0000016A9C2C0000-0x0000016A9C2D0000-memory.dmp

Filesize
64KB

Download
memory/4240-6-0x0000016ADCD00000-0x0000016ADCD10000-memory.dmp

Filesize
64KB

Download
memory/4240-7-0x0000016ADCD10000-0x0000016ADCD20000-memory.dmp

Filesize
64KB

Download
memory/4240-8-0x0000016ADCD20000-0x0000016ADCD30000-memory.dmp

Filesize
64KB

Download
memory/4240-9-0x0000016ADCD30000-0x0000016ADCD40000-memory.dmp

Filesize
64KB

Download
memory/4240-10-0x0000016ADCEB0000-0x0000016ADCEC0000-memory.dmp

Filesize
64KB

Download
memory/4240-11-0x0000016975710000-0x0000016975720000-memory.dmp

Filesize
64KB

Download
memory/4240-12-0x0000016975700000-0x0000016975710000-memory.dmp

Filesize
64KB

Download
memory/4240-13-0x0000016A79740000-0x0000016A79750000-memory.dmp

Filesize
64KB

Download
memory/4240-14-0x0000016ADDE90000-0x0000016ADDEB0000-memory.dmp

Filesize
128KB

Download
memory/4240-15-0x0000016ADED20000-0x0000016ADED30000-memory.dmp

Filesize
64KB

Download
memory/4240-16-0x0000016A79770000-0x0000016A79790000-memory.dmp

Filesize
128KB

Download
memory/4240-17-0x0000016A7AB40000-0x0000016A7AB50000-memory.dmp

Filesize
64KB

Download
memory/4240-18-0x0000016A9C2C0000-0x0000016A9C2D0000-memory.dmp

Filesize
64KB

Download
memory/4240-19-0x0000016ADCD00000-0x0000016ADCD10000-memory.dmp

Filesize
64KB

Download
memory/4240-20-0x0000016ADCD10000-0x0000016ADCD20000-memory.dmp

Filesize
64KB

Download
memory/4240-21-0x0000016ADCD20000-0x0000016ADCD30000-memory.dmp

Filesize
64KB

Download
memory/4240-22-0x0000016ADCD30000-0x0000016ADCD40000-memory.dmp

Filesize
64KB

Download
memory/4240-23-0x0000016ADCEB0000-0x0000016ADCEC0000-memory.dmp

Filesize
64KB

Download
memory/4240-24-0x0000016ADED20000-0x0000016ADED30000-memory.dmp

Filesize
64KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads