Analysis
-
max time kernel
124s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system -
submitted
27/05/2024, 18:28
Static task
static1
Behavioral task
behavioral1
Sample
ysoserial-all.jar
Resource
win7-20240508-en
1 signatures
150 seconds
Behavioral task
behavioral2
Sample
ysoserial-all.jar
Resource
win10v2004-20240426-en
2 signatures
150 seconds
General
-
Target
ysoserial-all.jar
-
Size
56.8MB
-
MD5
5f8b625e5b48ed2691d6314d83d9a7f2
-
SHA1
f7edfc4e9591e1af51a2cd5f773d75ad4f02be3f
-
SHA256
2c9bddd6a1a4ec66c1078ea97dacb61eb66d1c41aec7b6d21e3c72214ce170f1
-
SHA512
f2508b7c0445352fec089dd5aa4ab721649e138fd4c9445dad69ac10deaaf2a62188387a5ad5477dd2349f2e57408d6994185cda0469b1bde767d08807a03a6a
-
SSDEEP
786432:P8CPtkgwmPJoQcch6Ohf96EyP2JjeUFmI8jM3MXVQNxnbVjACuhLrnPfee:UCPtkgTJXcbFsJjsljM8obVjBGLDX3
Score
1/10
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 4 IoCs
description pid Process Token: 33 2476 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2476 AUDIODG.EXE Token: 33 2476 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2476 AUDIODG.EXE
Processes
-
C:\Windows\system32\java.exejava -jar C:\Users\Admin\AppData\Local\Temp\ysoserial-all.jar1⤵PID:1644
-
C:\Windows\explorer.exe"C:\Windows\explorer.exe"1⤵PID:2200
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x5001⤵
- Suspicious use of AdjustPrivilegeToken
PID:2476