b520c280ba9a110a422298072d02231b4d281447e3116e8912e8317e7d6cbc1f | Triage

Analysis

max time kernel
13s
max time network
20s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
15/07/2024, 07:41

Sharing

Report Analysis Logs

General

Target

迷你QQ.exe
Size

66KB
MD5

a51f3391c5a94be5a6aa28a2be9e9431
SHA1

136768893a8b0009cd0f33d8cb78fcd6fb58d237
SHA256

4b9e1815ddc45f4f0622e892e22307d42374d6e224a4524d32db51f49aa3371a
SHA512

a6cb245cd5bad8576975f19af90efa6ac1fddbef48188bc2a9f0c9a31a44f920e8f89f2918ef2ae83496137d886bfc1c1eade2661c2d141d69963417d7a1cbba
SSDEEP

1536:yDXdf7GwpIZVjiGJWYN9WYjsOiBlemoxqlpmmPsx8WBn:Azp0yi9WYjuemoxq7K8WBn

Score

1^/10

Malware Config

Signatures

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2712	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2712	AUDIODG.EXE
Token: 33	2712	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2712	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\迷你QQ.exe
"C:\Users\Admin\AppData\Local\Temp\迷你QQ.exe"
1⤵
PID:2164

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x494
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2712

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads