1841c6b8f7bced635a6a24cd7fd913b6f64ffb4e6e60300182b2199b10dbe2cd | Triage

Analysis

max time kernel
616s
max time network
619s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13-01-2024 11:13

Sharing

Report Analysis Logs

General

Target

eicar.zip
Size

358B
MD5

0a36fd59837f65ecec597b7952770598
SHA1

4815f053ac2279dfcdb23e1f2c93c3ee17e81d7b
SHA256

1841c6b8f7bced635a6a24cd7fd913b6f64ffb4e6e60300182b2199b10dbe2cd
SHA512

c66e2a6297602b1f43e00810b1e9e73474e0b07ab7b9917894979c8dc644676a0747da15ff16c6c9919b66abbf534643e2448cf58a0dad92d146f0c1545f7de7

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	2556	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2556	AUDIODG.EXE
Token: 33	2556	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2556	AUDIODG.EXE

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\eicar.zip
1⤵
PID:2064

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3048

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x570
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2556

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:2640

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...