e08851eb791a566a3c60f61cc98e7be88a81109e43db3d536395c9e2cf691aff

Analysis

max time kernel
109s
max time network
64s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
06/01/2024, 07:53

Target

dtdem_sp.exe
Size

672KB
MD5

5b064e509d027584db4f1ee8e9093f7e
SHA1

e346d85e62078ad9ea45434aa9c5a0773405965b
SHA256

3872ce8621ced87905f7fcb678148b99a1ee1574c1c594ad62cb025a8c932303
SHA512

238c1064be87137dc9f2c9bdba2361f28563284e0f9b93365155c615e20f3a05f1909cb713a5c8e01324304b8612a5c2f211ae8de5eb9def952892752808a282
SSDEEP

6144:JCLhhCOSJePjWelGlR9hUc8ohV+gMiXHCbcn8gdvItcLQwFNMnCJSQk2kNDTKK+5:zHePv8RrctiXdFNrSQkVN9ryOfpGYF

Score

1^/10

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4940	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4940	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\dtdem_sp.exe
"C:\Users\Admin\AppData\Local\Temp\dtdem_sp.exe"
1⤵
PID:2096

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004E0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4940