0cf583c79dc6fd3186e5f1924d07e9d336386970108aae2444f42fc81c369abc | Triage

Analysis

max time kernel
147s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
02/02/2024, 16:44

Sharing

Report Analysis Logs

General

Target

KillWin.exe
Size

20KB
MD5

2bc91de2e5eafeeb9a846a7b8d1c8989
SHA1

a71c61f002b88e67944e7ea0eca1e6ee7e5a7651
SHA256

0cf583c79dc6fd3186e5f1924d07e9d336386970108aae2444f42fc81c369abc
SHA512

32e464c8c7ca2c3af89539525889db0b6ddfd164aeb26e70ee67358f57eb74cdc8fdd9ed16546c052bc179f5e0021b5010fa8b69619cfaa65a067d53bdadae65
SSDEEP

384:x7lpfyFD13Am6UuY9VqbUtSYtPTojlul/l8li5kTw35KDvdW:x7lxyFD13Am6UuY9VqYRmlul/l8le3/

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4780	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4780	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\KillWin.exe
"C:\Users\Admin\AppData\Local\Temp\KillWin.exe"
1⤵
PID:4336

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4780

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads