b0deaa233b7dd36b5db2c5df44b6a4915539fa7b93f74ff8c4bd9f00ea8701f4 | Triage

Analysis

max time kernel
105s
max time network
17s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-03-2024 08:38

Sharing

Report Analysis Logs

General

Target

Smurfhat1
Size

36B
MD5

f645b1c59269b0d54238bb8febef87ea
SHA1

04939710c429fb9c4ba16cd504091a55135e0af7
SHA256

b0deaa233b7dd36b5db2c5df44b6a4915539fa7b93f74ff8c4bd9f00ea8701f4
SHA512

1a151c1069c9287c9600353d48248c3c8e76a5bb5565b6d518c4dabe2004d7203a23bf9af6092932f4e5922d3cd47e726d4e630353151b97c532b2a5284e3e2f

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1660	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1660	AUDIODG.EXE
Token: 33	1660	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1660	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
844	osk.exe
844	osk.exe
844	osk.exe
844	osk.exe
844	osk.exe
844	osk.exe
844	osk.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 844	1488	utilman.exe	34
PID 1488 wrote to memory of 844	1488	utilman.exe	34
PID 1488 wrote to memory of 844	1488	utilman.exe	34

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Smurfhat1
1⤵
PID:2580

C:\Windows\system32\osk.exe
"C:\Windows\system32\osk.exe"
1⤵
PID:1904

C:\Windows\system32\utilman.exe
utilman.exe /debug
1⤵
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Windows\System32\osk.exe
  "C:\Windows\System32\osk.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:844

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x560
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1660

C:\Windows\system32\utilman.exe
utilman.exe /debug
1⤵
PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads