92e5a2fb9c2403bcdfffc5d91c7cc959da76e0ddd843b2d43a8a3a858f9c90a6

Submit
Reports

Overview

overview

Static

static

02db3ec764...ce.exe

windows7-x64

09f27e0189...2e.exe

windows7-x64

0abe62de95...d2.exe

windows7-x64

13ad5c6c04...20.exe

windows7-x64

181d5a2aa3...54.exe

windows7-x64

19bdaadf42...ed.exe

windows7-x64

1f1cc17473...5e.exe

windows7-x64

1f4e927f6e...a4.exe

windows7-x64

222d06b236...66.exe

windows7-x64

23b5ce252f...5b.exe

windows7-x64

24ebe7609d...a9.exe

windows7-x64

25fcedbb8b...78.exe

windows7-x64

26f2bf1fc3...fe.exe

windows7-x64

32a22a65aa...2f.exe

windows7-x64

35fdad147c...8f.exe

windows7-x64

36bfd9f40c...07.exe

windows7-x64

39a6618795...45.exe

windows7-x64

3c8ac670d8...98.exe

windows7-x64

401beec1e5...c3.exe

windows7-x64

46c17836fd...b2.exe

windows7-x64

54edb6518a...9a.exe

windows7-x64

56ec95785f...a4.exe

windows7-x64

5c959580ad...bd.dll

windows7-x64

675e7e38d9...a8.exe

windows7-x64

6b4f6a820d...96.exe

windows7-x64

721ccbb780...29.exe

windows7-x64

75a9ade196...1d.exe

windows7-x64

7a2aa7c097...bd.exe

windows7-x64

87bcc495ec...65.exe

windows7-x64

8d11fa1067...54.exe

windows7-x64

97d846563e...3b.exe

windows7-x64

9e4e60ee2a...c6.exe

windows7-x64

Analysis

max time kernel
329s
max time network
335s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
26-03-2024 16:53

Sharing

Copy URL

Twitter E-mail

Static task

static1

5 signatures

Behavioral task

behavioral1

Sample

02db3ec76453f4a8ed495b9befac3ce2d51ef58c22d167e25a20bd050f5094ce.exe

Resource

win7-20240220-en

persistence

windows7-x64

6 signatures

1800 seconds

Behavioral task

behavioral2

Sample

09f27e01898779236a9f31185667b9f4a97dd1f30c972386fd995502acfb992e.exe

Resource

win7-20240215-en

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral3

Sample

0abe62de95ad966482f445504eb8a385afb8e4b4ba5a36ea34fce13b3da3dad2.exe

Resource

win7-20240221-en

upx

windows7-x64

6 signatures

1800 seconds

Behavioral task

behavioral4

Sample

13ad5c6c04c32e246dba78cf2e3737470af66b0b73553ab8f025ade626b8a120.exe

Resource

win7-20240221-en

upx

windows7-x64

10 signatures

1800 seconds

Behavioral task

behavioral5

Sample

181d5a2aa39493c50bc73723047157d843ecbc22d7cb56766eb737f529910854.exe

Resource

win7-20240221-en

upx

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral6

Sample

19bdaadf42c44a28941ff6ecea6925de28caf172acb131085d93c7e56ac5fded.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral7

Sample

1f1cc1747387db85919ee8af854dd1afe5239b34a1cdc98c5cea347de804205e.exe

Resource

win7-20240221-en

evasion persistence

windows7-x64

5 signatures

1800 seconds

Behavioral task

behavioral8

Sample

1f4e927f6e5ff4ae660f4d99194a9a7c05d5d829c6c3dbe1ee52a00fc740d6a4.exe

Resource

win7-20240220-en

persistence spyware stealer

windows7-x64

17 signatures

1800 seconds

Behavioral task

behavioral9

Sample

222d06b23600bbd1fd66b6649618e5f3a7f4d81fcb8dfd961680d949aea31a66.exe

Resource

win7-20240221-en

persistence

windows7-x64

3 signatures

1800 seconds

Behavioral task

behavioral10

Sample

23b5ce252f1cb3ff40a3bcb3ea53dd674175c3ad782b00e33ae45c8c87fa265b.exe

Resource

win7-20240221-en

dharma persistence ransomware spyware stealer

windows7-x64

16 signatures

1800 seconds

Behavioral task

behavioral11

Sample

24ebe7609d56c62fca780bf5ef346aa91c0412418f1f85d591005b4509bcbca9.exe

Resource

win7-20240221-en

persistence

windows7-x64

3 signatures

1800 seconds

Behavioral task

behavioral12

Sample

25fcedbb8b0ae97c1e9b7b56e0ce3511976661bbdcf075dfed18b36a58ab5d78.exe

Resource

win7-20240319-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral13

Sample

26f2bf1fc3ee321d48dce649fae9951220f0f640c69d5433850b469115c144fe.exe

Resource

win7-20240319-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral14

Sample

32a22a65aa2666a6a34f0be77cb6bd3f275bcd1e1c54ad49e187984d76f49e2f.exe

Resource

win7-20240221-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral15

Sample

35fdad147c2ab2c36dd7fd1ad1ae26b80be6c501bb22120b741be3ab34be168f.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral16

Sample

36bfd9f40ce0043c878b28ca80dda5315cf681215baf4e1d539456d89b907807.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral17

Sample

39a6618795b858d4f9a976c203bb9bee199db3555b9583b308954ccc09cffc45.exe

Resource

win7-20240215-en

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral18

Sample

3c8ac670d8c920170dd431a5a08cbefd62a98e369eb552acbc04a0eeb2f2a198.exe

Resource

win7-20240215-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral19

Sample

401beec1e5e07bfe7d0ebf18d9219f4f0a504284b6f9aab664e8af6e8bef31c3.exe

Resource

win7-20240221-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral20

Sample

46c17836fd2d65343ca0d1adae5fa3209a1f2a128736c81f5d7d40fe7ee608b2.exe

Resource

win7-20240319-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral21

Sample

54edb6518a4ba6561d14cfc2875b281f3a9a87aca7d839c5bc814ef5e6a0229a.exe

Resource

win7-20240215-en

upx

windows7-x64

3 signatures

1800 seconds

Behavioral task

behavioral22

Sample

56ec95785f91418751ad5788f9076af108ae19e03d2e0c0551ae8f8d8f5acba4.exe

Resource

win7-20231129-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral23

Sample

5c959580adf1fbdfea872ece4d29ee6a8319a88273a9923988ef8be4197833bd.dll

Resource

win7-20240221-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral24

Sample

675e7e38d969e9c0af164337a180b2941d4a676b7e0c345da1de1b2d42ed31a8.exe

Resource

win7-20231129-en

persistence ransomware spyware stealer

windows7-x64

5 signatures

1800 seconds

Behavioral task

behavioral25

Sample

6b4f6a820d415a88ee156607b13450cbe0bedad4eb05961c55f5926f86262296.exe

Resource

win7-20240221-en

windows7-x64

1 signatures

1800 seconds

Behavioral task

behavioral26

Sample

721ccbb780b308c6c40817749b6764ad06cd2e56389bba1618a0dadc362d6429.exe

Resource

win7-20240215-en

windows7-x64

4 signatures

1800 seconds

Behavioral task

behavioral27

Sample

75a9ade19696be512a894b659c4bebd174a868f404da5479f4fd96494e04c71d.exe

Resource

win7-20240221-en

dharma persistence ransomware

windows7-x64

13 signatures

1800 seconds

Behavioral task

behavioral28

Sample

7a2aa7c097a2e48184694d2d70027f7ac4081db7c6d555324aa5f060a37800bd.exe

Resource

win7-20240221-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral29

Sample

87bcc495ec10c56b860450897f03869b74c66c2a2bd336d4fff67d2d777ad865.exe

Resource

win7-20240221-en

evasion

windows7-x64

2 signatures

1800 seconds

Behavioral task

behavioral30

Sample

8d11fa106742bd9038bf92ed3b3912b51f9b768ebd85b380081f61940fd92754.exe

Resource

win7-20240221-en

upx

windows7-x64

3 signatures

1800 seconds

Behavioral task

behavioral31

Sample

97d846563e9c5da173d27fd11a6f182709c665dba0cb3f85a882c7b3e9cd9a3b.exe

Resource

win7-20240215-en

windows7-x64

0 signatures

1800 seconds

Behavioral task

behavioral32

Sample

9e4e60ee2a8a8ce65072e3aa9b648d4e8ff45474a41d374126f3c045901550c6.exe

Resource

win7-20240221-en

windows7-x64

2 signatures

1800 seconds

Errors

Reason

Machine shutdown

Report Analysis Logs

General

Target

32a22a65aa2666a6a34f0be77cb6bd3f275bcd1e1c54ad49e187984d76f49e2f.exe
Size

2KB
MD5

06129baf1db8277a1eadbfaf361986f3
SHA1

a5947297bbcfdfa826c7eeb1f68a8d4a8951ead5
SHA256

32a22a65aa2666a6a34f0be77cb6bd3f275bcd1e1c54ad49e187984d76f49e2f
SHA512

7d8ad9ae8364529168242ff339bbad56d15365aa217c2cede99d1bca8f5a68910512b1368240fae5b10b1c4614561d6b41cb5af8fd9b4685ee34b7de5ba6fb81

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXE

description	pid	process
Token: 33	2432	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2432	AUDIODG.EXE
Token: 33	2432	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2432	AUDIODG.EXE

Processes

C:\Users\Admin\AppData\Local\Temp\32a22a65aa2666a6a34f0be77cb6bd3f275bcd1e1c54ad49e187984d76f49e2f.exe
"C:\Users\Admin\AppData\Local\Temp\32a22a65aa2666a6a34f0be77cb6bd3f275bcd1e1c54ad49e187984d76f49e2f.exe"
1⤵
PID:1928

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:2528

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2e8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2432

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:340

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/340-1-0x0000000002820000-0x0000000002821000-memory.dmp

Filesize
4KB

Download
memory/2528-0-0x0000000002A40000-0x0000000002A41000-memory.dmp

Filesize
4KB

Download