e56afaf430e63ba2367446ebefb6356f1d04a0c7e10416d3851d8f43efe01a7e

Analysis

max time kernel
143s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 15:31

Target

WebCracker路由密码暴力破解工具 v4.0 绿色特别版下载/WebCrack4.exe
Size

1.5MB
MD5

b50b46ab225da8ba7eeb934bfcbe7390
SHA1

00c68d1b1aa655dfd5bb693c13cdda9dbd34c638
SHA256

d6672c2d47218c2cabba5ba8a4623d9be16fafa91bd14b7a4dfda38032621cbe
SHA512

3621ff2716c64e02a21747e0936c297fef35b9c379ec1ac1de22fae814c801dd988032cf9202537bf05ca81b957f0cd1e4ea011e235b88b8a49ec8f13acc774c
SSDEEP

24576:ftvST6vE3RMlEYPoprnbLVfCHwI/fpN+Qz/n0QZ:FST6vEYPKLVfC/HpkQz/n0Q

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1680	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1680	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\WebCracker路由密码暴力破解工具 v4.0 绿色特别版下载\WebCrack4.exe
"C:\Users\Admin\AppData\Local\Temp\WebCracker路由密码暴力破解工具 v4.0 绿色特别版下载\WebCrack4.exe"
1⤵
PID:5056

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1680

memory/5056-0-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download
memory/5056-1-0x0000000000400000-0x000000000057E000-memory.dmp

Filesize
1.5MB

Download
memory/5056-3-0x00000000022F0000-0x00000000022F1000-memory.dmp

Filesize
4KB

Download