Analysis
-
max time kernel
33s -
max time network
38s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system -
submitted
13/06/2024, 00:20
Static task
static1
Behavioral task
behavioral1
Sample
D3DX9_43.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
D3DX9_43.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral3
Sample
NekoPresence_x64.dll
Resource
win7-20240611-en
Behavioral task
behavioral4
Sample
NekoPresence_x64.dll
Resource
win10v2004-20240611-en
Behavioral task
behavioral5
Sample
SMM-WE.exe
Resource
win7-20240220-en
Behavioral task
behavioral6
Sample
SMM-WE.exe
Resource
win10v2004-20240611-en
General
-
Target
SMM-WE.exe
-
Size
35.2MB
-
MD5
226c2abd77622f6187876b11dbf7c2da
-
SHA1
e8a59e806b17d9da6c0fc74cc0499ec60a3f5313
-
SHA256
35b7f7e8a4a3b8053681c762043cdaad2cf6ae41eeac8020f218ecfe9e4b3267
-
SHA512
ebeceb00e86f275f14cd25457398a9e22410d365b7994ab11fafbc4a8e701c8dd4ff29b1c07bd023d270e1a08bf57c95eb3f81d03b6c374a2fa5c46e94c18931
-
SSDEEP
393216:qSINQUslNewXSVJiWxt8ISUv9vpOiOk0mf7GOWGwNliH44rRmiSSX1UWIybbuuzp:fJfH/qtb/cEv
Malware Config
Signatures
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
description pid Process Token: 33 2868 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 2868 AUDIODG.EXE -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1124 SMM-WE.exe 1124 SMM-WE.exe