55ad43218e3f8aba514e2d69c54f3e9f7c43d85e869274e4cc86cb1507e9a6a8

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 07:10

Target

ACR+11Tr-LNG/ACR+11Tr-LNG.exe
Size

2.2MB
MD5

f1652922addfb8cda246e360ccdf3a04
SHA1

12d9be8ba3e6b23ceca08c5e467dc9556223c60c
SHA256

710245b077076600d8a3589c6a30329ecc871c491ec86a65d4cbaefbb8abc976
SHA512

70ecf56490c7f9a455eb764960472c3a4a2b8feb9321f1dce3f5fdaa7448b90371d15dd2dc70a48765aa27cbfa91a0a8ad4daf4973a9d1f7d34c29f76d35be06
SSDEEP

49152:QlYg9e3QXns/+waOLW6StuI4MdLMK9i/z4TMmQ0NCxw3L:QlYg9yjhaOVStZkz4TMuNlb

Score

6^/10

discovery

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
4112	ACR+11Tr-LNG.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4112	ACR+11Tr-LNG.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	2392	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2392	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4112	ACR+11Tr-LNG.exe

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x154 0x240
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2392

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/4112-0-0x0000000000400000-0x0000000000CB3000-memory.dmp

Filesize
8.7MB

Download
memory/4112-1-0x0000000000400000-0x0000000000CB3000-memory.dmp

Filesize
8.7MB

Download
memory/4112-4-0x0000000000400000-0x0000000000CB3000-memory.dmp

Filesize
8.7MB

Download