ad6fb12a69ada25185577b2da24bdff6dc00a00618ea99d10bd5611013c90f47

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 14:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

390015d34d53b13a5a861e5fe40be996.exe
Size

4.1MB
MD5

390015d34d53b13a5a861e5fe40be996
SHA1

06a6f40ee6508766f1a17563d513c15c9080ced6
SHA256

ad6fb12a69ada25185577b2da24bdff6dc00a00618ea99d10bd5611013c90f47
SHA512

9411247057dbe133248f9937868390f2862af1c5233c2d3ef567203c1b396eb17b0cc22b3f65dde287a8eeacff6d8beb20ad7496f02700ef7bb7f63102f40323
SSDEEP

98304:Q4vzBm2oT2B6FVQ3qFh2v+C1iMV0KnZ5XN2WWOq+a4kWW2d5eDcq:Q4vzoTQ6jz+vj8MVzfNiBLt24

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3284	390015d34d53b13a5a861e5fe40be996.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\BASSMOD.dll	390015d34d53b13a5a861e5fe40be996.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4944	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4944	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\390015d34d53b13a5a861e5fe40be996.exe
"C:\Users\Admin\AppData\Local\Temp\390015d34d53b13a5a861e5fe40be996.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
PID:3284

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x378 0x410
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4944

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\BASSMOD.dll

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
memory/3284-13-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3284-14-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3284-0-0x0000000000400000-0x00000000012A5000-memory.dmp

Filesize
14.6MB

Download
memory/3284-1-0x0000000001300000-0x0000000001301000-memory.dmp

Filesize
4KB

Download
memory/3284-8-0x0000000000400000-0x00000000012A5000-memory.dmp

Filesize
14.6MB

Download
memory/3284-10-0x0000000001300000-0x0000000001301000-memory.dmp

Filesize
4KB

Download
memory/3284-9-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3284-11-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3284-6-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3284-12-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3284-7-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3284-15-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3284-16-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3284-17-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3284-18-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3284-19-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3284-20-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3284-21-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/3284-22-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads