fd1f6b4810656ebb45ab675922aa86661b1b15fd0d1c5adeba4a44f7034be5a2

Analysis

max time kernel
137s
max time network
152s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
08-06-2024 01:21

Target

fd1f6b4810656ebb45ab675922aa86661b1b15fd0d1c5adeba4a44f7034be5a2.exe
Size

845KB
MD5

7ad1909784bfaf8170b36e0f5f98d79c
SHA1

d02a1a962abd114639970e4e10cccc6a3815c9d6
SHA256

fd1f6b4810656ebb45ab675922aa86661b1b15fd0d1c5adeba4a44f7034be5a2
SHA512

a639e56aab9cb7d93edbd1edaed6a58dfa3bcf7223e0fc30643255f4e9ea7bc593112678c40d5109f2bf6ae92e977aeb605ccd9ca0183b814cd14058b3443212
SSDEEP

24576:kWS04YNEMuExDiU6E5R9s8xY/2l/dzuIbt+rk:ky4auS+UjfU2TzuIbt+r

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2916	AudioDriver.exe

Loads dropped DLL 1 IoCs

pid	Process
2244	fd1f6b4810656ebb45ab675922aa86661b1b15fd0d1c5adeba4a44f7034be5a2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 36 IoCs

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2916	AudioDriver.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 2916	2244	fd1f6b4810656ebb45ab675922aa86661b1b15fd0d1c5adeba4a44f7034be5a2.exe	28
PID 2244 wrote to memory of 2916	2244	fd1f6b4810656ebb45ab675922aa86661b1b15fd0d1c5adeba4a44f7034be5a2.exe	28
PID 2244 wrote to memory of 2916	2244	fd1f6b4810656ebb45ab675922aa86661b1b15fd0d1c5adeba4a44f7034be5a2.exe	28
PID 2244 wrote to memory of 2916	2244	fd1f6b4810656ebb45ab675922aa86661b1b15fd0d1c5adeba4a44f7034be5a2.exe	28

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Roaming\Microsoft\Speech\AudioDriver.exe

Filesize
845KB

MD5
7ad1909784bfaf8170b36e0f5f98d79c

SHA1
d02a1a962abd114639970e4e10cccc6a3815c9d6

SHA256
fd1f6b4810656ebb45ab675922aa86661b1b15fd0d1c5adeba4a44f7034be5a2

SHA512
a639e56aab9cb7d93edbd1edaed6a58dfa3bcf7223e0fc30643255f4e9ea7bc593112678c40d5109f2bf6ae92e977aeb605ccd9ca0183b814cd14058b3443212

Download Submit
memory/2244-0-0x0000000074191000-0x0000000074192000-memory.dmp

Filesize
4KB

Download
memory/2244-1-0x0000000074190000-0x000000007473B000-memory.dmp

Filesize
5.7MB

Download
memory/2244-2-0x0000000074190000-0x000000007473B000-memory.dmp

Filesize
5.7MB

Download
memory/2244-11-0x0000000074190000-0x000000007473B000-memory.dmp

Filesize
5.7MB

Download
memory/2916-14-0x0000000074190000-0x000000007473B000-memory.dmp

Filesize
5.7MB

Download
memory/2916-13-0x0000000074190000-0x000000007473B000-memory.dmp

Filesize
5.7MB

Download
memory/2916-12-0x0000000074190000-0x000000007473B000-memory.dmp

Filesize
5.7MB

Download
memory/2916-15-0x0000000074190000-0x000000007473B000-memory.dmp

Filesize
5.7MB

Download
memory/2916-16-0x0000000074190000-0x000000007473B000-memory.dmp

Filesize
5.7MB

Download