Overview

overview

4

Static

static

3

SoundcardSelector.exe

windows7-x64

1

SoundcardSelector.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    138s
  • max time network
    161s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15-11-2023 11:23

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    SoundcardSelector.exe

  • Size

    28KB

  • MD5

    65dfe0e113a2385f792b3e4750a1f57c

  • SHA1

    a04260e8bd279a7a48f8ce735f7551916591ada4

  • SHA256

    0cad80d77df92287c3823b526a50f93d74708a3d5dafeade7e2ee1f725fa1a2c

  • SHA512

    b2e101bffe394650173b130faa4043d40a6d76f6c42a851ee31c8802be744c4812040eedd3d2b8ed800f1bccdc9dbee309e6bf8bd4566825e4c373ba13a94446

  • SSDEEP

    384:EkLEqmv2Q6u2Y+jC00mS1a7+pbkTKVsh5PO4:EkLEkbA7b9Vsh5p

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SoundcardSelector.exe
    "C:\Users\Admin\AppData\Local\Temp\SoundcardSelector.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\dw20.exe
      dw20.exe -x -s 872
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious use of AdjustPrivilegeToken
      PID:3380

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2544-0-0x0000000075420000-0x00000000759D1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2544-1-0x0000000075420000-0x00000000759D1000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/2544-2-0x0000000000BB0000-0x0000000000BC0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2544-9-0x0000000075420000-0x00000000759D1000-memory.dmp

    Filesize

    5.7MB

    Download