e70c8651b2698b9a5254df01df853e1241f5fb2ad9f89c2b7b23ca290c79eb58

Analysis

max time kernel
141s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 18:03

Target

3ab2813193f9df1e700bc77c36568175.exe
Size

96KB
MD5

3ab2813193f9df1e700bc77c36568175
SHA1

6f08776dcba12f089c35d5dcd4a120b8b8f6ea61
SHA256

e70c8651b2698b9a5254df01df853e1241f5fb2ad9f89c2b7b23ca290c79eb58
SHA512

fab1c6e37a4ba54f69331d656d1ce47f61d03ccfac3aec12d121996921c0c2f7c3b9ce593b09729b8d720480c38f165010a4b6430445f79f1ad4171790356311
SSDEEP

768:Xwzvo3+sYnjBaNYk+lCkZ18fbikxpLMitrJxM0Ijm2wnqP3vjoVHGaCSFiB9BrNq:gzqnYno+k2ZseuoM92oVkfNfwKo

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2664	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2664	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\3ab2813193f9df1e700bc77c36568175.exe
"C:\Users\Admin\AppData\Local\Temp\3ab2813193f9df1e700bc77c36568175.exe"
1⤵
PID:1892

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2ec 0x49c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2664