Analysis

  • max time kernel
    150s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231127-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231127-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-12-2023 11:14

General

  • Target

    a104a127b53b5f3ec3cdf1021a679dbce7706d5820db923088c0069bae1a75ad.exe

  • Size

    1.4MB

  • MD5

    33dc2ffe8dac690061d12fbfda976c81

  • SHA1

    79d2813b9e54bec23a1c1711907064973bef01ce

  • SHA256

    a104a127b53b5f3ec3cdf1021a679dbce7706d5820db923088c0069bae1a75ad

  • SHA512

    5acb32dc2f7f32047a0aa23ce6fd4bc23fd93f8f97713d97bc34f409add540a128151c737508c8cae2335587456e0db4104d9d94a16fafbfa41de1d6c9e66a5d

  • SSDEEP

    24576:hfed7oP5HV686vihb5iDSVXT5XpShVOAYV5vBgNdmsAya:hWd7ohV686vuhXT5XohjU5Jgjm91

Score
1/10

Malware Config

Signatures

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a104a127b53b5f3ec3cdf1021a679dbce7706d5820db923088c0069bae1a75ad.exe
    "C:\Users\Admin\AppData\Local\Temp\a104a127b53b5f3ec3cdf1021a679dbce7706d5820db923088c0069bae1a75ad.exe"
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:1704
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x55c 0x508
    • Suspicious use of AdjustPrivilegeToken
    PID:4452

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\Documents\FLiNGTrainer\TrainerSettings.ini

    Filesize

    89B

    MD5

    348beb1303020f7b1a6e904441419fe3

    SHA1

    3c2b039e85dd032e08be7626da1630edeff18fff

    SHA256

    9b40d323a1bf0d36fd82dbd36784602e69107073507e8960ebe6c691dbcbda82

    SHA512

    ec12127abc419484b65ebf60eead4b3d2289ead50d6879d664bf6e053050326b199a59f216855b631bc813b0e6cddd5e9640e53e70fd9eb1301646d1bc83850e