8382032a085583934e8fb35d133be4e3b4f07f06e5453b63b1a18562c6990fee

Analysis

max time kernel
141s
max time network
54s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
28-04-2024 00:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Kontakt 7.10.1 Patcher.exe
Size

50.3MB
MD5

bf590928044f46785a982149f113b82f
SHA1

96585ca0392b83abd79531655301848d3879231b
SHA256

8382032a085583934e8fb35d133be4e3b4f07f06e5453b63b1a18562c6990fee
SHA512

73722e67cef477e9b8188b1ddbd08bf8755148f32abb73f35cbbfbfb42e18570e3c05eaa82bc7ca507bf9e98dbfbbd6a0b23ddbee4e722da5717b602ba7bdb3c
SSDEEP

786432:alRDfe2+KZMBGb7s/LqWEExMKaE/8sXAwQoGpAjn+pE5Q9oq4h9ukHeoU3T:4Db+K2aA+WEqd/IHpAjnUE5QYhQ6er

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2300	Kontakt 7.10.1 Patcher.exe
2300	Kontakt 7.10.1 Patcher.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	3872	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3872	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\Kontakt 7.10.1 Patcher.exe
"C:\Users\Admin\AppData\Local\Temp\Kontakt 7.10.1 Patcher.exe"
1⤵
- Loads dropped DLL
PID:2300

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x328 0x2f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\bassmod.dll

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
C:\Users\Admin\AppData\Local\Temp\dup2patcher.dll

Filesize
50.3MB

MD5
fb253f2d0c0c031bb8afe37ae6bdedcd

SHA1
977c699008739a7b7d505475604beaefed976bf5

SHA256
4a6422740cf07ccdad07dc3e46d5010e58fd229a6040d04b66c089574ca89745

SHA512
f564e797af7a8dc926a320bc58de3740a6021a159b35da21b5e58a59d242a1e6e64a068591fb537a3c3dca5edd3d62bf778cfa0e6b1a19456f4105c0d3445df7

Download Submit
memory/2300-14-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-17-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-10-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-11-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-12-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-13-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-8-0x0000000071EA0000-0x000000007510A000-memory.dmp

Filesize
50.4MB

Download
memory/2300-15-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-16-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-9-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-18-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-19-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-20-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-21-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-22-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-23-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2300-24-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads