edd82e40e911be51bcc228cdea34b3454c229b345e3c4d214058d2d5144b5f6c

Analysis

max time kernel
90s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 22:42

Target

Virus/Virus/bin/Debug/Virus.exe
Size

3.0MB
MD5

ceb728f44e9db8c057e307b39c67e8fe
SHA1

dfab0b4f0c716f5af0bcaf579a250ccdfc09ec66
SHA256

ed03452448f19339e1488748ad15caa629c1005cd45f2d42df3cb68b61ca70f6
SHA512

df4b23aaa71402e8a5d11ad0ee793b47c5562741c0c2aaa6e65c9b691d4ef30fbac7aa51b7dc1a2233430d59bf415b03293f24f75395c67834585adc2ee00245
SSDEEP

49152:bj3iZ1MHTIo3dLoYNiDSeP7jxPXyouZ3xtNg5EzN3CD70c5iMOIEQLx3+bt+g:bma9NLYGG7FduZhtau3Cv0cIIEQVubt9

Score

8^/10

evasion

Kills process with taskkill 2 IoCs

evasion

pid	Process
4440	taskkill.exe
980	taskkill.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	4440	taskkill.exe
Token: SeDebugPrivilege	980	taskkill.exe
Token: 33	3704	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3704	AUDIODG.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 4440	4740	Virus.exe	83
PID 4740 wrote to memory of 4440	4740	Virus.exe	83
PID 4740 wrote to memory of 980	4740	Virus.exe	86
PID 4740 wrote to memory of 980	4740	Virus.exe	86

C:\Users\Admin\AppData\Local\Temp\Virus\Virus\bin\Debug\Virus.exe
"C:\Users\Admin\AppData\Local\Temp\Virus\Virus\bin\Debug\Virus.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Windows\SYSTEM32\taskkill.exe
  taskkill.exe /f /im explorer.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4440
- C:\Windows\SYSTEM32\taskkill.exe
  taskkill.exe /f /im taskmgr.exe
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:980

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4f8 0x304
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3704

memory/4740-0-0x000000001C150000-0x000000001C1F6000-memory.dmp

Filesize
664KB

Download
memory/4740-2-0x0000000001C80000-0x0000000001C90000-memory.dmp

Filesize
64KB

Download
memory/4740-3-0x000000001C6D0000-0x000000001CB9E000-memory.dmp

Filesize
4.8MB

Download
memory/4740-1-0x00007FFEF9400000-0x00007FFEF9DA1000-memory.dmp

Filesize
9.6MB

Download
memory/4740-4-0x000000001CC60000-0x000000001CCFC000-memory.dmp

Filesize
624KB

Download
memory/4740-5-0x00007FFEF9400000-0x00007FFEF9DA1000-memory.dmp

Filesize
9.6MB

Download
memory/4740-6-0x0000000001A10000-0x0000000001A18000-memory.dmp

Filesize
32KB

Download
memory/4740-7-0x000000001CDC0000-0x000000001CE0C000-memory.dmp

Filesize
304KB

Download
memory/4740-8-0x0000000001C80000-0x0000000001C90000-memory.dmp

Filesize
64KB

Download
memory/4740-9-0x00007FFEF9400000-0x00007FFEF9DA1000-memory.dmp

Filesize
9.6MB

Download
memory/4740-10-0x00007FFEF9400000-0x00007FFEF9DA1000-memory.dmp

Filesize
9.6MB

Download
memory/4740-11-0x0000000001C80000-0x0000000001C90000-memory.dmp

Filesize
64KB

Download