e08851eb791a566a3c60f61cc98e7be88a81109e43db3d536395c9e2cf691aff

Analysis

max time kernel
87s
max time network
92s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
06/01/2024, 07:53

Target

dtdem_la.exe
Size

672KB
MD5

30fe41f28623ac899262e90b556e4228
SHA1

cea46c3bd4d7ad8123208dcfee9b9e885e38d1d1
SHA256

2c2ced37dcf30810d2a83f348e6f9c3e9523ff7085ed652eeb0e42b59eb2e3fc
SHA512

42117c74c25807cb9269b64c99f664c9e28eb510ac563e2f35688d2531bd31a1cd357407cbd5b5f74182a282fc0fcc8064c3136efe720f9ab19dd329eceeb5f5
SSDEEP

6144:3CMq+kfqZRf4s5PyTMSQ4soCVugZyXUCrnX7gdJIj0rvlq18Iydnrk2kknoKK+ET:+SRfQISQYYyXGY1MnrkVWoryGYpGYV

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4752	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4752	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\dtdem_la.exe
"C:\Users\Admin\AppData\Local\Temp\dtdem_la.exe"
1⤵
PID:548

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E4 0x00000000000004D8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4752