Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-1703_x64
- resource: win10-20240404-en
- resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
- submitted: 18-07-2024 17:34
Behavioral task: behavioral1
- Sample: Client.exe
- Resource: win10-20240404-en
- 3 signatures, 150 seconds
General
- Target: Client.exe
- Size: 75KB
- MD5: 09c9622152c429fbe318c953c0c3e009
- SHA1: 59735fa6d8ad54afc7397aa412db843a781a50f6
- SHA256: 3d9236f6298851af038f019993f2234a5b2d543cead447e8e21ce943919cac2f
- SHA512: aea506277293522a8bcd1e6e811438f293b1f8cb0da49cb5d0f41e37a31f33426296f5c60698f52f4f35578359c2ac85279fd61e9f54f6448cb85e488990871d
- SSDEEP: 1536:M0+xfez0ENV8nUw5rASb2LimfcHUtpqKmY7:M0AeQEjboASb2mqz2z
- Score: 1/10
Malware Config

Signatures
- Suspicious behavior: EnumeratesProcesses (64 IoCs)
  pid   Process
  4660  Client.exe   (same pid/process reported for all 64 IoCs)
- Suspicious use of AdjustPrivilegeToken (3 IoCs)
  description                        pid   Process
  Token: SeDebugPrivilege            4660  Client.exe
  Token: 33                          4240  AUDIODG.EXE
  Token: SeIncBasePriorityPrivilege  4240  AUDIODG.EXE
- Suspicious use of SetWindowsHookEx (1 IoC)
  pid   Process
  4660  Client.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\Client.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Client.exe"
  PID: 4660
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x2bc
  PID: 4240
  - Suspicious use of AdjustPrivilegeToken
Network
- Remote address: 8.8.8.8:53
  Request: yahoo-admin.gl.at.ply.gg IN A
  Response: yahoo-admin.gl.at.ply.gg IN A 147.185.221.20
- Remote address: 8.8.8.8:53
  Request: 20.221.185.147.in-addr.arpa IN PTR
  Response: (empty)
- Remote address: 8.8.8.8:53
  Request: 31.243.111.52.in-addr.arpa IN PTR
  Response: (empty)
- Remote address: 8.8.8.8:53
  Request: 88.16.208.104.in-addr.arpa IN PTR
  Response: (empty)
- Remote address: 8.8.8.8:53
  Request: 73.144.22.2.in-addr.arpa IN PTR
  Response: 73.144.22.2.in-addr.arpa IN PTR a2-22-144-73.deploy.static.akamaitechnologies.com
Traffic summary
Sent     Received  Pkts sent  Pkts recv  DNS Request                   DNS Response
156 B    -         3          -
156 B    -         3          -
33.9kB   1.6MB     706        1264
4.9kB    220.5kB   100        183
7.5kB    84.4kB    114        138
594 B    521 B     9          8
560 B    132 B     6          3
70 B     86 B      1          1          yahoo-admin.gl.at.ply.gg      147.185.221.20
73 B     130 B     1          1          20.221.185.147.in-addr.arpa
72 B     158 B     1          1          31.243.111.52.in-addr.arpa
70 B     133 B     1          1          73.144.22.2.in-addr.arpa
72 B     146 B     1          1          88.16.208.104.in-addr.arpa