b8ff05612476e6f6ce429419adfc38fe71da319bafb3ba39bd72ccde95ab2dab | Triage

Resubmissions

26-07-2024 14:06

240726-rew4aawcpg 10

26-07-2024 14:01

240726-rbhfqasbmp 10

Analysis

max time kernel
845s
max time network
849s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
26-07-2024 14:01

Sharing

Report Analysis Logs

General

Target

140000000.exe
Size

80KB
MD5

0d1c013939f390023fb0a98f006171a4
SHA1

30553889a1e4d8d180afa5adacfde37b5d78488a
SHA256

b8ff05612476e6f6ce429419adfc38fe71da319bafb3ba39bd72ccde95ab2dab
SHA512

184884f77c8a6e94a4c106f745977f8810f2a9d286cfb1010f6a015956ee8c1be37c66d9fbea8570533d691c7d3d9214440d5169aa6d973a4c345233d8917e46
SSDEEP

768:k3KIOWOiLVYVHSXgspu/aMxuyr3HT+WVXjS6c54GzzNUTf8egoKU:k9OiJYVQ/9k3H9Xyuszwf8egoKU

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2064	140000000.exe
2064	140000000.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	1152	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1152	AUDIODG.EXE
Token: 33	1152	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1152	AUDIODG.EXE

C:\Users\Admin\AppData\Local\Temp\140000000.exe
"C:\Users\Admin\AppData\Local\Temp\140000000.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2064

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2004

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x564
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1152

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads