e08851eb791a566a3c60f61cc98e7be88a81109e43db3d536395c9e2cf691aff

Analysis

max time kernel
88s
max time network
94s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
06/01/2024, 07:53

Target

dtdem_fr.exe
Size

704KB
MD5

e4df5008cca97fb376c1800459fc90f7
SHA1

8a4309976ae9d75b2d34be2165c2b60d5e97cb93
SHA256

5579a4c1ff858832233027f3cb77332b13538f58e604668f431d81d18b95b170
SHA512

d6a0130c5028ac6c19a2a7fd9255ee5793dc1324df58ae9f2ccb2ca55883c3ff1a7850e1b96f9a51ea18dcdab0650435769ae00a47bfcf82ffc82d40b889595f
SSDEEP

6144:qj8RyNpPhdcrg0uUHkqjAJzAzdgQGGMY8CmlyzfLgeyIP678N0+jFNxx7cvbk2VQ:ybHcswEq9FGGJDNAvbkCryPQT+u05Yn

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2664	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2664	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\dtdem_fr.exe
"C:\Users\Admin\AppData\Local\Temp\dtdem_fr.exe"
1⤵
PID:4488

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004C4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2664